Understand the Department of Defense Cloud Strategy of 2018
"If we fail to adapt ... at the speed of relevance, then our military forces ... will lose the very technical and tactical advantages we've enjoyed since World War II " - Secretary of Defense James N Mattis
In December 2018, the DoD examined the landscape of cloud service providers, and published a strategy that addresses how the cloud will be used to meet its mission.
The strategy document first calls out many issues the DoD has had to date.
The strategy notes that the Department has experienced “inadequate efficiency and security in information technology” and that the cloud can help it to address those deficiencies.
The strategy states that there have been “disparate cloud efforts and disjointed implementation” of cloud computing, which has resulted in limited capabilities, siloed data, and inefficient acquisitions.
It notes that the DoD has stood up many cloud implementations, but that the workloads have not been architected for the cloud nor are Enterprise ready. As a result, the workloads have cost the same or more to operate in the cloud, and it’s only third party contractors who have been brought in to show them how to modernize them for the cloud. It also notes that the DoD workforce has not been up-skilled enough to understand how to apply cloud capabilities to aging on premises or data center workloads.
Lastly, it notes that in order to benefit from AI technologies and fulfill the goal of a Joint Artificial Intelligence Center, enterprise cloud infrastructure must be in place, and it is not.
What must be done
The strategy document then pivots and talks about what it must do.
The strategy states that the Department must address the unique mission requirements through a multicloud, multi-vendor strategy that incorporates a General Purpose cloud and Fit For Purpose clouds.
A general purpose cloud provides a wide range of capabilities, including IaaS, PaaS, SaaS, and Serverless capabilities.
A "fit for purpose cloud" is one that is architected for a specific purpose: Artificial Intelligence, High Performance Compute, ultra low latency data transmission, tactical edge computing, etc.
The strategy states that the DoD’s cloud computing capabilities must enable exponential growth because of the sheer amount of data being produced year over year.
The strategy must scale for the episodic nature of the DoD mission through elasticity. That is, when the nation is at war, the cloud must scale up to meet its requirements. When the nation is at peace, it must scale itself back.
The strategy must proactively address cyber challenges by applying standard cloud-based cyber security solutions that include infrastructure, applications, and data. The DoD must also remain evergreen on security and technology. The strategy is complimentary about the cyber security capabilities that commercial cloud providers employ to stay ahead of the cybersecurity curve.
The strategy must enable AI and data transparency, meaning that data should be maintained in data lakes and data hubs within a single Enterprise cloud instead of multiple cloud subscriptions or multiple cloud providers, so that it may be queried in real time. The strategy also states that while it must make data available for these on-demand, massive queries, all of the data must remain secure by utilizing modern data management techniques.
The cloud computing capabilities must extend tactical support for the Warfighter at the edge, meaning that it must provide capability anywhere in the world, within the U.S. or outside, and at all classification levels.
The cloud computing capabilities must take advantage of resiliency in the cloud. The strategy notes that commercial cloud service providers provide native support for efficient failover in times of crisis and operational disruption, which the DoD must take advantage of because it “ensures comprehensive mission execution, due to its distributed, scalable, and redundant nature.”
Last, the cloud strategy and cloud service providers must drive IT reform at DoD. The strategy document notes that significant data center and application rationalization has taken place, however, the cloud will continue to push the DoD to reduce its duplicative spend through using shared services.
Guiding principles
The document ends with a series of strategic approaches and guiding principles:
Warfighter first
Any commercial cloud services leveraged must put the needs of the Warfighter first, and not in a place of risk.
Cloud Smart – Data Smart
Cloud solutions must streamline transformation, embrace modern capabilities for multiple clouds and missions, provide data transparency and visibility, and enable enterprise infrastructure, application standards, and data tagging.
Leverage Commercial Industry Best Practices
The DoD must:
- Leverage commercial technology, capability, and innovation
- Maximize competition to ensure best technology and value
- Leverage open standards to avoid lock-in
- Independently assess services to ensure data security
Create a Culture Better Suited for Modern Technology Evolution
As implementation details, the document points to a single vendor to provide a general purpose cloud (the JEDI initiative) and then multiple vendors to provide fit for purpose clouds, including milCloud2.
Importance
The DoD Cloud Computing Strategy of 2018 is fairly significant in its acknowledgment that a fractured implementation has lead to data silos, its definitions of "general purpose" and "fit-for-purpose" clouds, and its desire to move to a singular general purpose cloud and multiple fit-for-purpose clouds in conjunction with milCloud2.
The themes of cybersecurity, privacy, data protection, and putting the mission first continue to be emphasized throughout.