Halvorsen to industry: 'Let's be real' with each other on cloud data
Acting DOD CIO expects commercial providers to share more data for the sake of cloud security, and says DOD will do the same. The Pentagon's next-gen email plans were also discussed.
Acting Defense Department CIO Terry Halvorsen on Jan. 29 called on commercial cloud providers to own up to the challenges of data liability and information sharing, measures he sees as instrumental to the Pentagon reaping the benefits of the commercial cloud.
"When you lose our data that's in your cloud, you have all the normal liability issues, but let's be real, you're dealing with DOD…you also have a bit of a political liability," Halvorsen said. "Our data gets lost, it's going to make the news. It's going to get interest [from] Congress, it's going to get interest [from] the American people."
Halvorsen's blunt talk at a DOD cloud industry day held at the Commerce Department was the latest step in the Pentagon's effort to court the private sector for cloud services. In tight fiscal times, DOD officials are trying to balance the savings likely to come from more commercial cloud adoption with the security risks of moving too fast.
The Pentagon's top IT official said he has heard plenty of concerns from cloud firms about what he called the "political liability" of doing business with DOD, but told the audience that is the cost of entering the potentially lucrative DOD cloud market.
"This is going to have to be…a much better partnership between industry and government in how we do this in a way that makes you money," Halvorsen said.
The only way a multiple-cloud environment is "going to work effectively, efficiently and securely is [if] we share common data," he added. "Particularly in the security area, we're going to have to have common infrastructure, common sensors, common data exchange – and it has to cross government and industry boundaries."
At a press briefing at the event, Halvorsen said that within 90 days he expects DOD to stand up "cloud access points" -- key elements of the security apparatus that connects DOD information networks to the commercial cloud. The Defense Information Systems Agency has been conducting a pilot project to test the speed and security of the CAPs, Maj. Gen. Alan Lynn, the agency's vice director, said earlier at the industry day.
Halvorsen told reporters that that the CAPs are crucial for cloud security because it reduces the number of potentially vulnerable connections to commercial networks.
Halvorsen also revealed during his remarks to industry that the next version of the unclassified part of DOD's enterprise email system "will be a completely commercial solution." He explained that decision to reporters by saying, "I think that the commercial industry has certainly shown that they could do an unclassified email at a lower price."
The cloud industry day, which drew several hundred commercial and government cloud practitioners, caps a busy several weeks for DOD's changing cloud policy.
DISA, the DOD agency in charge of IT infrastructure, on Jan. 12 released a security requirements guide for commercial and non-DOD cloud providers. The document is aimed at simplifying the selection process by reducing the number of "impact levels" for sensitive information handled in the cloud.
And in another move intended to quicken the Pentagon's adoption of the commercial cloud, Halvorsen issued a memo on Dec. 15 that allowed the military services and other DOD agencies to procure commercial cloud services rather than leaving that authority to DISA.
NEXT STORY: DoD seeks refresh for OneSource website