DISA to cede procurement authority for commercial cloud to military services
The acting DOD CIO wants the department to move the commercial cloud faster. To do that, he plans to give military services more authority over the process.
Acting DOD CIO Terry Halvorsen still calls DISA the Pentagon's cloud broker, but the services will have more authority to act on their own in buying cloud services.
In an effort to hasten its move to the commercial cloud, the Defense Department will allow the military services to procure their own cloud services rather than leaving that authority to the Defense Information Systems Agency.
The policy change, which will come in the form of a memo by the end of next month, is a significant departure from the role acting DOD CIO Terry Halvorsen’s predecessor, Teri Takai, laid out for DISA as a centralized cloud broker.
"I think some just criticism of the department has been we have not moved out into the cloud fast enough," Halvorsen said on a Sept. 23 conference call with reporters. His remedy is to "let the military departments do their own acquisitions of the cloud services and not have to funnel that through one agency – in this case, DISA."
Halvorsen still referred to DISA as the Defense Department’s cloud broker, but the new policy will give the individual services freer rein to acquire the cloud capabilities they want.
The decentralized process will still require the services to submit security plans for DISA's approval, giving the agency a wide-angle view of DOD's adoption of commercial cloud services. The acting CIO said he wants that bird's-eye view so he can test the assumption that the commercial cloud will save the department money.
Halvorsen's office has two ongoing pilots, both with Amazon, to measure cost savings and other features of the commercial cloud. "Amazon is right now the only vendor that is initially approved for level three and four data," he said, referring to DISA designations of high-risk but unclassified data.
The pilots will yield "good industry data on who are the interested players in supporting a commercial cloud solution that meets DOD's security requirements and, frankly, meets our financial requirements," he added.
Underpinning the new cloud procurement policy will be a business case analysis (BCA) template that the CIO's office and the services are still ironing out. The template, which Halvorsen said would also cover cybersecurity and other IT-related procurement decisions, would give services a common means of justifying their procurements based on cost, security and interoperability. Halvorsen described the BCA as a rubric that his office would regularly consult in its quest to make the commercial cloud more widespread in DOD.