Amid shrinking budgets, DISA turns to the commercial cloud

Commercial services would be able to coexist with the agency’s milCloud program, DISA’s vice director says.

Sequestration and more budget cuts are driving the Defense Information Systems Agency to cut out costs in its milCloud program and other areas, while looking to commercial solutions, Maj. Gen. Alan Lynn, the agency’s vice director, said.

Speaking at the Joint Warfighter IT Day conference held by AFCEA NOVA on Sept. 4, Lynn reassured industry that as sequestration approaches, the agency will be considering cheaper, commercial supplements to DISA’s cloud-services product portfolio, milCloud.

“If industry can come to us with a cloud solution that is cheaper, then we are going to go to it. That’s the bottom line,” Lynn said. “And there are some things that we’re never going to put into a commercial cloud that we’ll need the milCloud for. So we’re going to be able to live side by side with industry in the cloud in the future.”

For many cloud service providers, the release of milCloud in March represented more competition -- this time from the government itself -- in a technology area that requires significant standards and security implementation.

Industry cloud providers are subject to standards under the Federal Risk and Authorization Management Program in addition to controls required by the National Institute of Standards and Technology, FCW reported earlier this year. Industry Cloud Providers at the time were worried that milCloud would create an unbalanced playing field.

But as money becomes scarce across the Defense Department, a commercial solution may provide additional services for less.

“The hope is [that] by going to commercial industry, the cost overall is going to be cheaper because budgets are drying up,” Lynn said.

That’s why DISA is doing a small pilot: to find out if that is absolutely the case, and also to test the security of the commercial cloud, he added. DISA released several Requests for Information last year to investigate the viability of commercial cloud services.

Despite the heavy security requirements, DISA recently gave Amazon Web Services provisional authorization to operate at security impact levels 3 to 5 of the DOD Cloud Security Model, which would allow Defense Department components to use those cloud solutions for sensitive information falling under those levels. Several other companies have already been approved for levels 1 and 2, but AWS is the first to reach higher levels of classification.