print story Print email this story to a friend E-Mail

tool name

tool goes here

DOD information technology journeys into cloud

American Forces Press Service

Published: 11:17AM January 24th, 2013

WASHINGTON – The Defense Department’s information technology infrastructure is on a journey of consolidation, standardization, security and access, the Defense Department’s principal deputy chief information officer told attendees at a cloud computing panel discussion recently.

The department is reducing the number of data centers from about 1,500 to “a number far below that,” Robert J. Carey said, and is implementing a coherent and consistent architecture across thousands of computing environments.

This process is taking place in part because of the current era of fiscal austerity, but also because it makes sense when it comes to securing data within the network, Carey said.

In addition, DOD, along with much of industry, is shifting toward a cloud computing posture: the collection of data and use of related computing services via remote servers accessed through the Internet. Cloud computing isn’t without its risks, Carey said, but the department is moving the paradigm of security from the infrastructure to the data layer. This includes continuous monitoring and cryptography, he said.

Concentrating on securing data, rather than an entire network, is “a big shift for a big engine like DOD,” Carey said.

As the department implements the joint information environment and delivers a consistent computing architecture — which Carey noted the department does not yet have — security becomes the discriminating factor, he said.

“We’re moving at a very deliberate pace,” Carey said. “We have lots of (pilot programs) going on to evaluate these kinds of things and to make sure we understand both the pros, cons and risks of moving into the cloud space. “We have to take advantage of what commercial technology is bringing us, but at the same time, make sure that the people that actually ... acquire it for us are able to do so,” Carey said.

Measuring risk in the cloud and the costs of risk response is a difficult task, Carey said.

“At the end of the day, the metrics of cloud security are, at best, nebulous,” he said. It isn’t easy to balance risk reduction and purchasing, but it’s important for the IT community to try.