DISA mulls on-premises models for cloud providers

Under these scenarios, vendors would either set up shop inside a DOD data center or operate from a modular container on the premises.

Responses to the RFI are due Nov. 3.

The Defense Information Systems Agency, in its continuing search to find ways to help military agencies move to the cloud, is researching the possibility of having commercial providers establish cloud ecosystems on Defense Department networks from either within, or right next to, DOD data centers.

In a request for information, DISA said it is exploring different ways that services could be provided, but that it is interested in a private cloud limited to DOD organizations and mission partners. The solicitation is looking for feedback on two cloud models.

One is the Data Center Leasing Model, in which a commercial provider would rent space in a DOD Core Data Center, providing cloud ecosystem services from there.

The other is the On-Premise Container Model, in which the vendor provides services from a modular container—the solicitation calls it a shipping container—that is brought to the property of the facility it would be serving. (Movable, modular data centers are an idea that has some traction.) The containerized center would draw power and cooling from the local facility, but would maintain a physical boundary, keeping it separate from the DOD data center.

DISA sets out some key requirements for possible providers under either model, including that prime contractor must maintain direct control of the cloud environment. And because they would be operating within or adjacent to a DOD data center, DISA is considering both models for Levels 5 and 6 of the DOD Cloud Security Model, which cover sensitive and classified information.

DOD has big plans for cloud computing, but adoption has been slowed by security concerns and some uncertainty of DISA’s role in leading the transition.

The DOD Cloud Security Model sets a high bar that has to date proved to be difficult for vendors to clear. A handful have gained DISA authorization to operate at Levels 1 and 2 of the model, covering public-facing and unclassified information, while only Amazon Web Service’s GovCloud has so far been approved for Levels 3 through 5.

And after initially designating DISA as the department’s sole broker for cloud services, DOD recently softened that stance, opening the door for military agencies to pursue cloud services on their own—though with the proviso that any service still must have DISA’s provisional authorization.

The on-premises models DISA is now considering could be a way to add another layer of physical security.