Cloud storage and technology has come into focus as the technology of the future for the Department of Defense. Late last year, the department made two huge steps in signaling its commitment to cloud. First, in November 2022, it released its strategy for the next few years of cyber protections. This plan for implementing a zero trust architecture by 2027 is spurred by the increasing amount of information that is being kept in the cloud — partially due to a workforce that is expanding and decentralizing.
The second major cloud-favoring move was the awarding of the Joint Warfighting Cloud Capability Contract in December. This $9 billion offering tasks Microsoft, Google, Oracle and Amazon Web Services with overseeing a massive cloud migration and overhaul. The undertaking will occur at all three security classification levels and encompass military communication systems that span the Pentagon and domestic service branch headquarters and bases, all the way to the tactical edge.
Want to know more about priorities and activities surrounding cloud and the DOD? Join us for ExecutiveBiz’s Cloud Security Forum on March 22. The event is virtual and will feature insights from David McKeown, deputy chief information officer for cybersecurity at the Pentagon, who is delivering the keynote address. Register here.
When the cybersecurity plan was announced, McKeown, who is also senior information security officer, said the DOD will be holding its various agencies accountable through spending checks and budget reporting. This is meant to help ensure that zero trust really is being executed on a mass scale and thus hopefully help contribute to a safer information environment.
In the stratagem, DOD gives its components three options: evolve security standards to meet zero trust requirements on the current network, or conduct it either in a commercial cloud or privately-designed cloud setting.
“We are defining capabilities here and we’re leaving it up to the services for how they implement those and integrate them … It’s been like pushing on an open door to try to get people to go to this. They see the need for it. The perimeter defenses were not working,” McKeown stated.
The “perimeter defenses” he referenced largely were becoming inadequate because the acceleration of cloud usage has caused information to be dispersed and for security practices that cover a single area in which data is held to be insufficient.
Where the zero trust strategy aims to guide the DOD in protecting its data infrastructure, the JWCC contract is intended to bring “cutting-edge cloud capabilities” with an eye toward building out and “developing an environment,” per John Sherman, chief information officer at the DOD and Robert Skinner, director of the Defense Information Systems Agency.
“That environment includes some great accelerators, as we call them — those capabilities that help enable our mission partners, those warfighters, to be able to leverage cloud a lot more than what they are today,” elaborated Skinner, who, like Sherman, is a two-time Wash100 Award recipient.
He added that the contract effort, which will ensure that DOD entities have access to the four contracted companies’ offerings sans an intermediary or third party reseller, is designed to move the DOD toward enhancing the integrated data layer.
Curious about the intersection between cloud technologies and cybersecurity, particularly as it relates to the DOD? Want to hear exclusive, extended remarks from David McKeon, DOD deputy CIO for cybersecurity? Attend the virtual Cloud Security Forum on March 22. Register here.