Army's cloud strategy outlines long-range goals, security precautions
The Army expects to reap benefits in cost and technical support, while increasing interoperability and ensuring cybersecurity.
In the latest of its steady, if cautious, steps toward the cloud, the Army recently released its Cloud Computing Strategy, outlining its goals for the next 10 years while acknowledging the security concerns that have prevented the service, and the defense Department in general, from making a move quickly.
The Army has clear reasons for moving to the cloud. “Transitioning to cloud-based solutions and services advances the Army’s long-term objective to reduce our ownership, operation and sustainment of hardware and other commoditized information technology (IT),” Army CIO Lt. Gen. Robert Ferrell wrote in the Cloud Computing Strategy. “Procuring these as services will allow the Army to focus resources more effectively to meet evolving mission needs.”
Cloud eventually will improve IT efficiency, network security and interoperability with the other military services and coalition partners, Ferrell wrote, while allowing the Army to more quickly adopt new technologies.
Among the key cloud-centric projects the Army will support are the cross-agency Joint Information Environment (JIE), the Intelligence Community Information Technology Enterprise (ICITE) and the WIN-T battlefield network, which is intended to extend a command-and-control view to soldiers at the tactical edge.
The strategy also lists several other benefits that would come from adopting a cloud-based environment:
- Support for the JIE by providing capability in centralized locations that are accessible across the DOD Information Network.
- Advancement of the Army’s long-range objective of transitioning away from owning, operating and sustaining hardware and other commoditized IT in order to better focus its resources on meeting mission needs.
- Support for the Army’s Mission Command Network 2020 Focused End State 4.0.
- The cloud provides a platform for the creation of standard solutions and efficiencies that can be applied consistently to ensure both capabilities and cybersecurity are effectively implemented seamlessly across the institutional and operational environment.
- The cloud provides an infrastructure that supports more agile and faster implementation of new systems.
- The cloud provides flexibility by using automation to expand or contract application resources based on utilization.
Transitioning to the cloud will not occur overnight, however. Since the cloud “will maintain the security posture required to protect data and meet the Army’s mission requirements,” the Army will have to focus intently on ensuring all systems are up to their proper classifications, which could take time, the report says. The Army plans to start building the foundation to meet its vision statement of a “strategic and tactical advantage over its adversaries through information dominance” though a mix of approved government and commercial cloud services by 2025, focusing on improving network security. Various aspects of security the Army will be focusing on include:
Encryption: Ensure that strong (FIPS 140-2 compliant) encryption is used for Web sessions and other network communications sessions, and ensure that approved data-at-rest and in-transit encryption standards are provided, to include a key management plan.
Authentication: Ensure the use of authentication tokens or other appropriate form of advanced authentication.
Identity and Access Management: Ensure visibility into authentication and access control mechanisms in a provider’s infrastructure, and provide the authentication tools that for consumers to provision authentication information, and to input and maintain authorizations for consumer-users and applications without the intervention of the provider.
Performance Requirements: Benchmark current performance scores for an application and establish key performance score requirements before deploying applications to a provider’s site.
Visibility: Ensure that the provider allows visibility into the operating services that affect a specific consumer’s data or operations on that data, including monitoring system welfare.