U.S. Department of Defense Cloud Computing Strategy


  • 7/31/2019 U.S. Department of Defense Cloud Computing Strategy

    1/44


    DoD Cloud Computing Goal

    Implement cloud computing as the means to deliver the most innovative, efficient, and secure information and IT services in support of the Department's mission, anywhere, anytime, on any authorized device.

    EXECUTIVE SUMMARY

    In the current political, economic, and technological landscape, information technology (IT) is expected to provide extensive and ever-increasing capabilities while consuming fewer resources. With the increase of both state-sponsored and independent cyber threats, the Department of Defense (DoD) is recognizing the growing importance of leading a strong and secure presence in cyberspace. Concurrently, global financial events are driving a need for continued budgetary constraints and stricter financial oversight. As a result, the Department must transform the way in which it acquires, operates, and manages its IT in order to realize increased efficiency, effectiveness, and security.

    The Department has begun this transformation by establishing a set of initiatives that are aimed at achieving improved mission effectiveness and cybersecurity in a reengineered information infrastructure. The result of this new effort will be the Joint Information Environment, or JIE. The Joint Information Environment is a robust and resilient enterprise that delivers faster, better-informed collaboration and decisions enabled by secure, seamless access to information regardless of computing device or location.

    The DoD Enterprise Cloud Environment is a key component to enable the Department to achieve JIE goals. The DoD Cloud Computing Strategy introduces an approach to move the Department from the current state of a duplicative, cumbersome, and costly set of application silos to an end state which is an agile, secure, and cost-effective service environment that can rapidly respond to changing mission needs. The DoD Chief Information Officer (CIO) is committed to accelerating the adoption of cloud computing within the Department and to providing a secure, resilient Enterprise Cloud Environment through an alignment with Department-wide IT efficiency initiatives, federal data center consolidation and cloud computing efforts. Detailed cloud computing implementation planning has been ongoing and informs the JIE projected plan of actions and milestones in Capabilities Engineering, Operation and Governance efforts.

    Increased mission effectiveness and operational efficiencies are key benefits that can be achieved with cloud computing. Cloud computing will enable the Department to consolidate and share commodity IT functions resulting in a more efficient use of resources. Cloud services can enhance Warfighter mobility through device and location independence while providing on-demand secure global access to mission data and enterprise services. Cloud platforms and services can provide increased opportunity for rapid application development and reuse of applications acquired by other organizations.

    The Department has specific cloud computing challenges that require careful adoption considerations, especially in areas of cybersecurity, continuity of operations, information assurance (IA), cybersecurity, and resilience. Additional challenges include service acquisition and funding sustainment, data migration and management, and overcoming network dependence at the tactical edge (disconnected, intermittent and low-bandwidth (DIL) users). To help meet these challenges, the Department is leveraging the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP will establish a standard approach to assess and authorize cloud computing services, and define requirements for the continuous auditing and monitoring of cloud computing providers. In addition, DoD CIO is currently updating the Department's Information Assurance (IA) policies and instructions, aligning IA controls and processes with those used across the Federal Government. The Department is taking a cautious approach as it works to fully understand the challenges and establish the appropriate risk mitigations.

    The DoD CIO is accelerating and synchronizing efforts that create enterprise-wide capabilities and services while eliminating the unnecessary duplication of capabilities. Currently, the Components are consolidating their data centers and network infrastructure. By designating a few data centers as Core, Components can build in cloud infrastructure that begins the process of creating a DoD Enterprise Cloud Environment. This process will include network re-design and consolidation, policy and process changes, and the adoption of enterprise standards that enable interoperability across networks and between data centers. The DoD Enterprise Cloud Environment will include separate implementations and data exchanges on Non-secure Internet Protocol Router Network (NIPRNet), Secure Internet Protocol Router Network (SIPRNet), and Top Secret Sensitive Compartmentalized Information (TS SCI) security domains. This environment will be closely aligned with Intelligence Community-led initiatives, and support information sharing with DoD traditional and non-traditional partners on Joint Worldwide Intelligence Communications System (JWICS), and other networks.

    In addition to enterprise cloud services provided Department-wide, Components will be encouraged to use or provide cloud services offered by other Components, other entities in the Federal Government, mission partners and commercial vendors that meet their specific mission requirements. All cloud services must comply with Department IA, cybersecurity, continuity, and other policies. The Department will leverage commercially offered cloud services that offer the same or a greater level of protection necessary for DoD mission and information assets.

    New guidance is being developed that will establish an Enterprise Cloud Service Broker to manage the use, performance, and synchronized delivery of cloud service offerings within the Department, from other Federal, and commercial providers. The Broker will make it easier, safer, and more productive for DoD consumers to discover, access, and integrate cloud services to support their mission.

    The Department has identified four concurrent steps that enable a phased implementation of the DoD Enterprise Cloud Environment:

    Step 1: Foster Adoption of Cloud Computing
    • Establish a joint governance structure to drive the transition to the DoD Enterprise Cloud Environment
    • Adopt an Enterprise First approach that will accomplish a cultural shift to facilitate the adoption and evolution of cloud computing
    • Reform DoD IT financial, acquisition, and contracting policy and practices that will improve agility and reduce costs
    • Implement a cloud computing outreach and awareness campaign to gather input from the major stakeholders, expand the base of consumers and providers, and increase visibility of available cloud services throughout the Federal Government

    Step 2: Optimize Datacenter Consolidation
    • Consolidate and virtualize legacy applications and data

    Step 3: Establish the DoD Enterprise Cloud Infrastructure
    • Incorporate core cloud infrastructure into data center consolidation
    • Optimize the delivery of multi-provider cloud services through a Cloud Service Broker
    • Drive continuous service innovation using Agile, a product-focused, iterative development model
    • Drive secure information sharing by exploiting cloud innovation

    Step 4: Deliver Cloud Services
    • Continue to deliver DoD Enterprise cloud services
    • Leverage externally provided cloud services, i.e., commercial services, to expand cloud offerings beyond those offered within the Department

    The DoD CIO will establish a joint enterprise cloud computing governance structure to drive the policy and process changes necessary to transition to the DoD Enterprise Cloud Environment and oversee the implementation of the DoD Enterprise Cloud Strategy. To achieve the cloud computing goal, all barriers to consolidation and transition must be addressed without major delay. DoD CIO will be the final decision authority and will provide oversight for Component execution of data center consolidation and cloud services, exercising appropriate governance to ensure an efficient orchestration of change.


    Table of Contents

    Introduction
        Cloud Computing Defined
        Federal and DoD Mandates Driving Cloud Computing Adoption
        Benefits DoD Can Derive From Cloud Computing
        Achieving DoD IT Objectives Through Cloud Computing
        Challenges the Department Faces Moving to a Cloud Computing Environment
    Transitioning to the DoD Enterprise Cloud Environment
        Step 1: Foster Adoption of Cloud Computing
            Govern the DoD Enterprise Cloud Environment
            Adopt an Enterprise First Approach
            Reform DoD IT Financial, Acquisition, and Contracting Policy and Practices
            Implement a Cloud Computing Outreach and Awareness Campaign
        Step 2: Optimize Data Center Consolidation
            Consolidate and Virtualize Legacy Applications and Data
        Step 3: Establish the DoD Enterprise Cloud Infrastructure
            Incorporate Core Cloud Infrastructure into Datacenter Consolidation
            Optimize the Delivery of Multi-provider Cloud Services via Cloud Service Brokerage
            Use Agile Approaches to Drive Continuous Service Innovation
            Exploit Cloud Innovation to Drive Secure Information Sharing
            Operational Data Functions and Informational Data Services
        Step 4: Deliver Cloud Services
            Continue to Deliver DoD's Enterprise Cloud Services
            Leverage Externally Provided Cloud Services
    Next Steps
    Conclusion
    Acronym List
    References
    Cloud-related Terms


    Figure 1: DoD Enterprise Cloud Environment
    Figure 2: Consolidated Core Datacenters will Form the Basis of the Enterprise Cloud Infrastructure
    Figure 3: Example Services Available to Cloud Consumers


    Introduction

    As business and mission dependency on Information Technology (IT) grew within the DoD, duplicative, costly and complex IT infrastructures were built by Components to execute their missions and run their businesses. The development, operation, and management of these resources are largely inefficient, costing time and money that could be applied directly towards achieving strategic initiatives. According to a Defense Science Board analysis of 32 major automated information system acquisitions, the average time to deliver an initial DoD program capability is 91 months once funding is approved. This is two to three times the average industry IT refresh cycle time, making it difficult to keep pace with user needs and technology evolution. Continued technology maturation has enabled commoditization of certain IT functions (email, server hosting, collaboration, etc.), and improved network performance now allows IT organizations to specialize in offering these commoditized IT functions as services on the network.

    The Department must take advantage of the commoditized IT functions and transform the way in which it acquires, operates, and manages its IT in order to realize increased efficiency, effectiveness, and security. The Department has begun this transformation by establishing a set of initiatives that are aimed at achieving improved mission effectiveness and cybersecurity in a reengineered information infrastructure. The result of this new effort will be the Joint Information Environment, or JIE. The JIE is a robust and resilient enterprise that delivers faster, better-informed collaboration and decisions enabled by secure, seamless access to information regardless of computing device or location.

    The DoD Enterprise Cloud Environment is a key component to enable the Department to achieve JIE goals. The DoD CIO is committed to accelerating and synchronizing efforts to eliminate unnecessary duplication of capabilities with Enterprise-wide services, while establishing Enterprise security mechanisms to ensure secure connection and access control across mission partner and network boundaries. The DoD Enterprise Cloud Environment will facilitate consolidating and optimizing the Department's IT infrastructure, including data centers and network operations, and standardizing IT platforms that ensure a secure cyber environment and leverage Agile development. The Department will also adopt commercial cloud computing solutions to the greatest extent possible in support of the Department's mission. Detailed Cloud Computing implementation planning has been ongoing and informs the JIE projected plan of actions and milestones in Capabilities Engineering, Operation and Governance efforts.


    The Federal Cloud Computing Strategy (See Appendix B, (Reference A)) characterizes cloud computing as a:

        "profound economic and technical shift (with) great potential to reduce the cost of federal Information Technology (IT) systems while improving IT capabilities and stimulating innovation in IT solutions."

    The DoD Cloud Computing Strategy lays the groundwork, consistent with the Federal Cloud Computing Strategy, for accelerating cloud adoption in the Department. It is intended to foster a substantive discussion as the Department transitions to its Enterprise Cloud Environment.

    Cloud Computing Defined

    The National Institute of Standards and Technology (NIST) defines cloud computing as:

        "A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

    The details of the NIST cloud computing definitions provide a simple and unambiguous taxonomy of three service models available to cloud consumers that are the core of cloud computing: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Detailed definitions of these three models appear in Appendix C, along with other terms typically associated with cloud computing, such as delivery models and characteristics.

    While the traditional IT delivery model is focused on the development, maintenance and operation of computing hardware and software, the cloud computing model focuses on providing IT as a service. Under the cloud computing model, there are service providers and service consumers. Service providers specialize in performing specific tasks or functions for service consumers. The service providers and service consumers interact with one another over an Internet Protocol (IP)-based network.

    DoD Cloud Computing Goal

    Implement cloud computing as the means to deliver the most innovative, efficient, and secure information and IT services in support of the Department's mission, anywhere, anytime, on any authorized device.


    Federal and DoD Mandates Driving Cloud Computing Adoption

    The Federal Government intends to accelerate the pace at which it will realize the value of cloud computing by requiring agencies to evaluate safe, secure cloud computing options before making any new IT investments. In alignment with Federal and Department-wide IT efficiency mandates, the DoD is committed to cloud computing, and to providing a secure, resilient Enterprise Cloud Environment. Specific mandates include:

    • 2012 National Defense Authorization Act (NDAA) (Public Law 112-81): The fiscal 2012 NDAA (See Appendix B, (Reference B)) mandates that DoD CIO submit a Performance Plan that includes a strategy to address migration of Defense data and government-provided services from Department-owned and operated data centers to cloud computing services generally available within the private sector that provide a better capability at a lower cost with the same or greater degree of security and utilization of private sector managed security services for data centers and cloud computing services.

    • Secretary of Defense (SecDef) Efficiencies Initiative: The SecDef announced a DoD-wide efficiencies initiative (See Appendix B, (Reference C)) to move America's defense institutions toward a more efficient, effective, and cost-conscious way of doing business. This initiative directed the consolidation of IT infrastructure to achieve savings in acquisition, sustainment, and manpower costs to improve DoD's ability to execute its missions while defending its networks against growing cyber threats.

    • Office of Management and Budget (OMB) directed Federal Datacenter Consolidation Initiative (FDCCI): The FDCCI (See Appendix B, (Reference D)) directed a reduction in data centers to be achieved primarily through the use of virtualization techniques and leveraging cloud computing.

    • Federal CIO 25 Point Implementation Plan to Reform Federal Information Technology Management: The 25 point plan (See Appendix B, (Reference E)) specifies that Agencies must focus on consolidating existing data centers, reducing the need for infrastructure growth by implementing a Cloud First policy for services, and increasing the use of available cloud and shared services.

    • Federal Risk and Authorization Management Program (FedRAMP): FedRAMP (See Appendix B, (Reference F)) provides joint "provisional" authorizations and continuous security monitoring services applicable to Executive departments and agencies procuring commercial and non-commercial cloud services that are provided by information systems that support the operations and assets of the departments and agencies, including systems provided or managed by other departments or agencies, contractors, or other sources.


    • DoD IT Enterprise Strategy and Roadmap (ITESR): The ITESR (See Appendix B, (Reference G)) presents the DoD CIO's plan for achieving the goals of the SecDef's Efficiency Initiative and the mandates of OMB's FDCCI and 25 Point Implementation Plan.

    Benefits DoD Can Derive From Cloud Computing

    Table 2 of the Federal Cloud Computing Strategy (See Appendix B, (Reference A)) summarized three areas of cloud computing, reproduced in Table 1, below.

    Table 1: Cloud benefits: Efficiency, Agility, Innovation

    Efficiency

    Cloud Benefits
    • Improved asset utilization (server utilization > 60-70%)
    • Aggregated demand and accelerated system consolidation (e.g., Federal Datacenter Consolidation initiative)
    • Improved productivity in application development, application management, network, and end-user devices

    Current Environment
    • Low asset utilization (server utilization


    • Reduced Costs/Increased Operational Efficiencies
        o Consolidating systems, which reduces the physical and energy footprint, the operational, maintenance, and management resources, and the number of facilities
        o Using a pay as you go pricing model for services on demand rather than procuring entire solutions
        o Leveraging existing DoD cloud computing development environments to reduce software development costs

    • Increased Mission Effectiveness
        o Enabling access to critical information
        o Leveraging the high availability and redundancy of cloud computing architectures to improve options for disaster recovery and continuity of operations
        o Enhancing Warfighter mobility and productivity through device and location independence, and provision of on-demand, yet secure, global access to enterprise services
        o Increasing, or scaling up, the number of supported users as mission needs surge, optimizing capabilities for the joint force
        o Enabling data to be captured, stored, and published almost simultaneously, decreasing the time necessary to make data available to users
        o Enabling the ability to create and exploit massively large data sets, search large data sets quickly, and combine data sets from different systems to allow cross-system data search and exploitation

    • Cybersecurity
        o Leveraging efforts such as FedRAMP that help standardize and streamline Certification and Accreditation (C&A) processes for commercial and Federal Government cloud providers, allowing approved IT capabilities to be more readily shared across the Department
        o Moving from a framework of traditional system-focused C&A with periodic assessments to continual reauthorization through implementation of continuous monitoring
        o Moving to standardized and simplified identity and access management (IdAM)
        o Reducing network seams through network and data center consolidation and implementation of a standardized infrastructure


    Challenges the Department Faces Moving to a Cloud Computing Environment

    Most DoD systems have been designed to operate in a protected environment with dedicated infrastructure, and though cloud computing continues to demonstrate significant benefits, challenges remain. The Department must be careful not to jeopardize its mission by trading the confidentiality, integrity, and availability of DoD information for desired benefits. The Department will ensure adherence to the National Continuity Policy (See Appendix B, (Reference H)) that requires communications/IT capabilities to maintain data availability and resilience to sustain Component mission-essential functions (MEF) and DoD's Departmental Primary MEF (PMEF) in support of National Emergency Functions (NEF).

    Table 2 identifies five broad categories of challenges and mitigation activities that will help the Department meet those challenges. Note that these challenges are not exclusive to cloud computing and apply to all levels of the Department.

    Table 2: Challenges Moving to a Cloud Computing Environment

    Governance and Culture Changes

    Challenge
    • Establishing and maintaining a DoD CIO-led Enterprise First approach
    • Sustaining and managing the evolution of the Enterprise Cloud Environment to enable JIE objectives
    • Overcoming cultural roadblocks that make it difficult for the Department's IT community to adopt an Enterprise First approach and cloud services approach
    • Incentivizing entrepreneurial innovation in the face of current regulatory DoD policy and process mandates

    Mitigation
    • Execute authorities delegated to the DoD CIO to approve/enforce an Enterprise First cloud approach to JIE capabilities throughout the Department
    • Establish DoD CIO-led joint governance to oversee Component cloud-related activities
    • Establish comprehensive governance at Service CIO levels to oversee and guide implementation and execution
    • Execute a cloud awareness education campaign
    • Adopt Agile acquisition and funding mechanisms to exploit cloud innovation

    Information Assurance, Resiliency, and Cybersecurity

    Challenge
    • Achieving real-time visibility into all cloud activities where consumers do not have physical control over their systems, and the systems can change dynamically as providers respond to emergent capacity requirements
    • Implementing continuous monitoring, handling intrusion detection and alerts, and providing diagnosis and response
    • Ensuring communications/IT capabilities to maintain data availability, privacy, and resilience
    • Maintaining forensic, records management, Freedom of Information Act (FOIA) reporting, and two-factor authentication with DoD Common Access Cards

    Mitigation
    • Implement Information Assurance (IA) controls that provide real-time monitoring to designated DoD IA personnel and provide methods and procedures for mission owners to request responses
    • Provide acquisition regulation and cyber defense policies to which cloud providers must adhere in order to adequately secure and defend DoD information
    • Implement new or adjust existing technical capabilities for operation within the cloud, and, in particular, provided to Department network and system operation centers (NOCs/SOCs)
    • Bolster critical infrastructure protection efforts to ensure a resilient and sustainable cloud computing environment
    • Implement IdAM, Public Key Infrastructure (PKI), and secure data tagging Department-wide
    • Ensure effective acquisition of commercial cloud services leveraging Federal CIO Council's, Creating Effective Cloud Computing Contracts for the Federal Government (See Appendix B, (Reference I))

    Network Dependence at the Tactical Edge

    Challenge
    • Providing access to reliable, remotely delivered services to Warfighters and support personnel operating in restricted tactical environments (high mobility, disconnected, intermittent connectivity, limited bandwidth and long latency)
    • Providing adequate protection to ensure continuity of operations and resiliency

    Mitigation
    • Deliver services as far forward as possible, using the least bandwidth possible while ensuring offline capabilities are maintained

    Service Acquisition and Funding Sustainment

    Challenge
    • Changing from a focus on the acquisition of materiel solutions to the acquisition and consumption of cloud services
    • Establishing funding mechanisms that can rapidly adapt to changing demand to sustain the growth of widely used services
    • Reducing or eliminating investment in underutilized and underperforming services
    • Implementing effective change management in a cloud environment
    • Ensuring data ownership and transportability of data from one cloud provider to another

    Mitigation
    • Establish policies and procedures for budgeting, funding, acquisition, and cost recovery that leverage a fee-for-service model
    • Use a cloud broker function to manage the use, performance, and synchronized delivery of cloud service offerings
    • Develop a budget strategy to fund initial cloud investments across the Department
    • Reduce or eliminate investment in underutilized and underperforming services
    • Establish and enforce DoD cloud computing change management criteria
    • Ensure contracting and acquisition mechanisms preserve data integrity and support data transportability


    Data Migration, Management and Interoperability

    Challenge
    • Ensuring that data and applications hosted in the various cloud services can be discovered, accessed, stored, used, and protected among various DoD components and mission partners
    • Providing adequate security services (monitoring and response, IA, etc.) to ensure the integrity, confidentiality, and availability of DoD data in a cloud computing environment
    • Ensuring that the hosting of DoD Component data by a cloud service provider is subject to technical and contractual conditions that facilitate migration of the data to another provider or back to the DoD Component
    • Ensuring data interoperability and secure information sharing with multi-national and other mission partners via cloud services
    • Ensuring data portability and interoperability
    • Ensuring all categories of Controlled Unclassified Information (CUI), to include Personally Identifiable Information (PII), Personal Health Information (PHI), International Traffic in Arms Regulations (ITAR), and Contractual Information, are properly and adequately secured, controlled, and audited during transmission, processing, and storage

    Mitigation
    • Enable intelligent delivery of multi-source information in diverse application formats by providing seamless, real-time information sharing that is secure, supports multiple platforms, and combines new advances in information processing and data analysis
    • Enforce use of risk assessments that consider exposure to the legal, law enforcement, and national security requirements of the host country
    • Ensure Service Level Agreements (SLAs) are written to address DoD mission assurance and data confidentiality and availability requirements
    • Require and enforce the adoption of enterprise discover and search, enforcement of IdAM and data tagging, joint governance, and cross-domain security solutions
    • Require the use of data portability and interoperability standards as they emerge
    • Enforce compliance with laws and regulations regarding CUI data

    TransitioningtotheDoDEnterpriseCloudEnvironmentThetransitiontocloudcomputingrequiresmovingfromthecurrentstateofduplicative,

    cumbersome,andcostlyapplicationsilostoanendstatewhichisanagile,secure,andcost

    effectiveserviceenvironmentthatwillenableComponentstorapidlyconfigureanddeployITto

    meetchangingmissionneeds. Thetransitionwillnotbeaccomplishedallatonce,butin

    plannedphases,buildingonthesuccessesandlessonslearnedfromDoDandIndustrycloud

    initiativesastheyareimplemented.

    The vision for the Department is a multi-provider Enterprise Cloud Environment that meets DoD IT objectives. Program managers and application/service owners will generally not need to design the physical infrastructure that hosts and runs their software applications. Instead, they will be responsible for designing and developing applications and services that operate within the computing environments offered by DoD data center providers. New Core data centers, and standards-based equipment deployed in regional and tactical data centers, will provide the physical computing infrastructure to deliver data and cloud services to the user, regardless of access point or the device being used across the Global Information Grid (GIG). These data centers will host existing applications, provide a viable platform for the development of new applications, and enable shared hosted services.

    The Department will be responsible for the Enterprise Architecture and standards that will guide how the DoD cloud is designed, operated, and consumed. The Enterprise Cloud Environment, in turn, will drive architectures and standards that extend the full range of IT services to mobile devices and to the tactical edge. The Enterprise Cloud Environment will provide Department-wide services at the enterprise level that enable improved interoperability, access, data integrity, and security. In addition to enterprise services provided Department-wide, Components will be encouraged to use or provide cloud services offered by other Components, other entities in the Federal government, mission partners and commercial vendors that meet their specific mission requirements. All services will comply with Department IA, cybersecurity, continuity and other policies.

    The DoD Enterprise Cloud Environment will support new applications, access to legacy applications and data exchanges on NIPRNet, SIPRNet, and Top Secret Sensitive compartmentalized Information (TSSCI) security domains. This environment will be closely aligned with Intelligence Community initiatives and will support information sharing with DoD traditional and non-traditional partners on JWICS, the mission network, and other networks. The DoD CIO will lead NIPRNet and SIPRNet efforts while the Director of National Intelligence (DNI)/CIO will lead TSSCI and above.

    Figure 1 is a logical depiction of the envisioned DoD Enterprise Cloud Environment end state. It illustrates that the DoD Enterprise Cloud is an integrated environment on the GIG, consisting of DoD Components, commercial entities, Federal organizations, and mission partners.

    Figure 1: DoD Enterprise Cloud Environment

    The Department has identified four concurrent steps that enable a phased implementation of the DoD Enterprise Cloud Environment:

    Step 1. Foster Adoption of Cloud Computing by establishing a strong governance structure that has the authority and responsibility to drive an Enterprise-First approach and enable IT financial, acquisition, and contracting policy and practice reforms.

    Step 2. Optimize Data Center Consolidation by implementing a limited set of standardized software platforms and data centers that will enable effective management as a single enterprise with a reduced intrusion surface for cyber threats.

    Step 3. Establish the DoD Enterprise Cloud Infrastructure as the foundation for rapid participation in the DoD Enterprise Cloud Environment.

    Step 4. Deliver Cloud Services using commercial service providers and continuing the development and implementation of DoD cloud services.

    The following sections describe these steps in greater detail.

    [Figure 1 labels: Access at Point of Need (Mobile, Work, Deployed, Home); Common C2 & Real Time SA; Secure Communications Between Nodes; Commercial Services; DoD Services & Apps; Global Secure Access & Data; Deployable Edge Nodes]

    Step 1: Foster Adoption of Cloud Computing

    IT Governance that establishes an Enterprise-First approach to the funding, acquisition, creation, management and use of cloud services, through policy and process change, is essential in fostering adoption of cloud computing. The DoD CIO will execute delegated authorities to approve/enforce an Enterprise-First cloud approach to JIE capabilities throughout the Department. The DoD CIO is committed to working with major stakeholders, such as the Defense Information Systems Agency (DISA), Joint Staff, and Military Department (MILDEP) CIOs, to implement an outreach and awareness campaign to expand the base of consumers and providers, and increase the visibility of available cloud services in other parts of the Government.

    Govern the DoD Enterprise Cloud Environment

    Comprehensive joint IT governance, led by the DoD CIO, will drive the changes necessary to transition to cloud computing. Enhanced governance processes and policy enforcement mechanisms will be instituted to manage the rapid evolution of cloud services within the Department, maximizing the potential value of cloud services and minimizing the risks. Strong governance mechanisms will support consistent interpretation of policy, monitor DoD enterprise cloud performance, and address cloud service consumer and provider issues.

    DoD CIO-led governance will facilitate an enterprise approach to cybersecurity, continuity of operations, IA, resilience, and ensure that DoD's Enterprise Cloud Environment is compliant with all existing laws and regulations. The DoD Enterprise Cloud Environment will require rigid standards for how users are identified, transmission is assured, and resources (persons, organizations, groups and applications), are tracked.

    Effective governance and collaboration with key Department leaders and stakeholders is necessary to establish policy and organizational process changes that will transform the way IT is acquired, operated, and managed. Coordination will occur outside the Department with stakeholders from the National Security Agency (NSA), others in the Intelligence Community, and other Federal partners as they evolve their own cloud services.

    Transition to cloud computing may require upfront investments and realignment of planned IT roadmaps. The Department will use business case analysis to determine best value between alternatives, and will define an investment management process that enables the rapid evolution of enterprise cloud services and prevents non-standards-based IT service silos from proliferating within the Enterprise Cloud Environment.

    The Department's IT governance must ensure alignment of DoD investments, including Program Objective Memorandum (POM) activities, policies, processes and standards that will enable a transition to cloud computing. The Department will exercise governance mechanisms to ensure cloud computing options are analyzed during the course of DoD budget and acquisition processes for each IT capability development initiative in compliance with OMB guidance (See Appendix B, (Reference J)). A Component's decision to move data to a cloud computing service will balance benefits and risk, measured against DoD mission assurance and data confidentiality requirements. These assessments and approvals will be conducted in accordance with Federal laws and regulations governing the protection of Government information, and DoD IA and information security policies.

    Higher flexibility, lower costs, improved quality of service

    Change the rules and make it happen

    Comprehensive governance processes will promote and enable the use of standardized SLAs that facilitate the adoption of shared services and virtual computing resources for mission and support functions. SLAs must define performance with consistent and clear terms and definitions and demonstrate how performance will be measured. Governance will define the enforcement mechanisms that should be in place to ensure SLAs are met. The Department will drive efficiencies by using Commercial business models, ensuring competition and setting new performance standards, targets, and metrics, as well as monitoring and reporting progress.

    Adopt an Enterprise-First Approach

    The Enterprise-First approach is a cultural shift to transform DoD from a coalition of Departments and Agencies with their mission-specific sets of systems, processes, governance, and controls to a more seamless, coordinated, unified, and integrated data-centric enterprise information environment. The Department's efforts in general will be directed to reduce reliance on non-shareable, dedicated infrastructures. Components will be incentivized to rely on shared, virtualized infrastructure through a utility or cloud computing delivery model. Legacy IT systems will be migrated to a shared computing capability wherever practical.

    Adopting an Enterprise-First approach will reduce the acquisition and maintenance of dedicated, program-specific resources. The desired outcome is the transformation of the Department to an Enterprise Cloud Environment with common standards, consolidated cybersecurity, continuity of operations, IA, resilience, and centralized governance.

    Reform DoD IT Financial, Acquisition, and Contracting Policy and Practices

    Today's delivery and operation of a DoD Enterprise Cloud Environment is hampered by existing policies and processes that were implemented to support traditional IT acquisition. The Department's typical acquisition approach bases investment decisions on significant investigation of capability needs, requirements definition, analysis of alternatives (AoA), and system growth projections. This works in an environment with relatively fixed requirements, known future needs, and static technology, but does not accommodate a multi-provider cloud environment. The Department must alter this acquisition approach if it expects to keep pace with IT advancements and achieve the efficiencies these advancements represent. To accomplish this, the Department must:

    Streamline Key DoD Processes to reduce Operations and Maintenance (O&M) costs by leveraging economies of scale, and automate monitoring and provisioning to reduce the human cost of service delivery and assurance.

    Change Acquisition and Contracting Models to reduce acquisition complexity; shift the DoD mindset from acquiring and managing IT assets (materiel solution development) to providing and consuming services; and support new funding, contracting, and acquisition models for agile solutions.

    Publish Guidance and Policies that support transition to, and use of, cloud services.

    The Department has initiated efforts to develop JIE requirements for cloud services that can use incremental investments and fee-for-service models rather than large-scale, upfront investments. New and innovative funding mechanisms are needed that can rapidly adapt to changing demand and sustain the growth of popular services. Services already developed by the Components for their use could be extended and shared across the Department. As efficiencies are gained through data center consolidation, some savings may resource additional cross-service investments. Periodic value assessments will drive additional investments and iterative refinements. To accomplish the needed change, the DoD CIO will work with the following organizations to update related policies and processes:

    USD(Policy) to update:

        o POM guidance and the POM issue process for enterprise cloud services

    Joint Staff to modify:

        o Joint Capabilities Integration and Development System (JCIDS)/Capabilities Requirements Process documentation (Chairman of the Joint Chiefs of Staff Instruction (CJCSI)) (See Appendix B, (Reference K)).

        o Interoperability of IT and National Security Systems (NSS) (See Appendix B, (Reference L))

    USD(Acquisition, Technology, and Logistics) to modify or establish:

        o Provisions in the Defense Acquisition System (DAS) (See Appendix B, (Reference M)) that ensure the consideration of the use of enterprise cloud services as a mandatory element of the AoA

        o Business Capability Lifecycle process

        o New standard contract clauses and any accompanying changes necessary to the Defense Federal Acquisition Regulation Supplement (DFARS)

    USD(Comptroller)/CFO and DCAPE to modify or establish:

        o Planning, Programming, Budgeting and Execution (PPB&E) (See Appendix B, (Reference N))

        o New Program Element and budget line item resources

        o Increased visibility within authoritative DoD resource databases

        o Establish new contracts and contracting vehicles

    DoD Comptroller and CFO to:

        o Revise PPB&E regarding enterprise cloud services and establish provisions in the DoD Financial Management Regulation

        o Address appropriate resourcing methodologies and sources for funding cloud services and migrations

    DCMO to align Business Mission Area policies and procedures.

    Implement a Cloud Computing Outreach and Awareness Campaign

    The greatest impediment to the successful adoption of cloud computing is not technological in nature, but rather, the set of cultural roadblocks that make it difficult for the Department's IT community to adopt a new technology. As with any significant change, the move to the cloud requires a shift in mindset to accept new ways of creating solutions and an informed workforce to enable acceptance and use of cloud services.

    The DoD CIO will implement a cloud computing outreach and awareness campaign to gather input from the major stakeholders, expand the base of consumers and providers, and increase visibility of available cloud services throughout the Federal government. Current cloud-related activities will provide input to the development of cloud computing planning and implementation guidance. Specifically, these activities will inform the Department on the key benefits and challenges of cloud services, including value propositions, security features and challenges, sample mitigation strategies, training, lessons learned, and case studies. This outreach will include:

    Identifying best practices to guide stakeholders in the adoption and implementation of cloud services, including the acquisition and provisioning process and identifying and evaluating associated compliance and legal issues

    Establishing methodologies to enable effective assessment and implementation of cloud services, including consideration of maturity, cost recovery, security compliance, etc.

    Identifying challenges and recommending mitigations to resolve them

    Identifying metrics and performance measures that demonstrate successful migrations and use of cloud services

    Identifying and assessing new and evolving technologies in the marketplace and providing feedback on the maturity of these offerings

    Providing specific skills training for acquisition and contracting specialists for agile IT procurements, including cloud computing. IT program managers must also acquire the skills needed to make informed decisions regarding existing and planned cloud services

    Emphasizing individual and organizational responsibility to assess and manage risks associated with cloud computing

    Step 2: Optimize Data Center Consolidation

    In August 2010, the Secretary of Defense directed the consolidation of IT infrastructure to achieve savings in acquisition, sustainment, and manpower costs, and to improve the DoD's ability to execute its missions while defending its networks against growing cyber threats. In response, the Department has identified opportunities to consolidate DoD IT infrastructure through several initiatives, one of which is data center and server consolidation. As identified in the JIE, enterprise data center consolidation involves Component applications and data transitioning to Core data centers and the DoD Enterprise Cloud Environment.

    The Department will reduce the hardware footprint in data centers by implementing server virtualization and Infrastructure as a Service. In addition, DoD will reduce software redundancy and increase interoperability through the implementation of a limited set of standardized software platforms that are continuously monitored and respond to emerging threats.

    Optimizing data center consolidation will facilitate standardization across data centers in the way they deliver services to users and the internal processes used to manage the business operation. Consolidation will not only reduce the cost of data center infrastructure, but will enable effective management as a single enterprise with a reduced intrusion surface for cyber threats. Combining the establishment of core cloud infrastructure with data center consolidation will establish the federation and standardization of Core data centers for the DoD.

    Consolidate and Virtualize Legacy Applications and Data

    Consolidating data centers throughout the Department into a smaller, core data center infrastructure will reduce the number of different hardware platforms, which will result in an eventual savings in equipment, facility, and operational costs. Although core data centers may be operated by different organizations within DoD, they will all operate according to standard operational, business, and IT Service Management processes to ensure that they function as a single, logically seamless computing environment meeting all requirements for graceful fail-over, disaster recovery, continuity of operations, security, resiliency, and load balancing.

    The consolidated data centers will be guided by the NIST Cloud Computing Reference Architecture, and the NIST Cloud Computing Standards Roadmap. Leveraging the NIST guidance, a DoD Cloud Reference Architecture will include modular infrastructure that will scale up for deployment within large, Continental United States (CONUS) data centers and scale down to offer containerized and small-footprint computing resources in regional facilities and deployed tactical edge environments.


    Through virtualization, data centers will focus on hosting existing applications and providing a viable platform for the development of new applications and sharing hosted services. The enterprise cloud architecture and standards will extend the full range of IT services to mobile devices and to the tactical edge. As legacy applications are migrated and new applications are produced, each will gain built-in features, such as support for multi-data center replication, follow-me data that automatically moves to where it is needed, and intelligent information services that leverage news and data available across the Department.

    The DoD ITESR identifies data center, network and server consolidation for the GIG computing environment as key initiatives. Through consolidation and virtualization, the Department will develop a DoD enterprise cloud platform that meets several objectives of the DoD ITESR including delivering services to the tactical edge. Consolidation and virtualization will enable access to reliable, remotely delivered services to Warfighters and will support personnel operating in restricted tactical disconnected, intermittent and low-bandwidth (DIL) environments from any device, anywhere and anytime. Smart replication will ensure that clustered information automatically migrates to nearby resources. Use of the latest standards for offline data storage and applications will support specified mobile and desktop platforms. End users will access virtual servers that have been allocated to provide client-side applications and services supporting multiple information domain access.

    Virtual Desktop Infrastructure (VDI) initiatives will reduce desktop capital, maintenance, and management costs. These efforts will reduce time to deliver new end-user capabilities and shorten cycle time for upgrades through increased automation efficiencies requiring less support and facilitating compliance with DoD standards and policy.

    DoD will realize savings by keeping hardware, software and operations as consistent and standardized as possible, while also reducing the number of tools, activities and personnel needed to perform the same basic functions. A portion of the savings that results from consolidation and standardization could go towards funding the delivery of these services, either at the Component level or at the Enterprise level; however, potential efficiencies may not be automatically realized without added resources.

    Step 3: Establish the DoD Enterprise Cloud Infrastructure

    The Department will provide an enterprise cloud infrastructure that is resilient and operates seamlessly between all DoD Components. This enterprise cloud infrastructure will be incorporated into core data centers and is the engine behind the DoD Enterprise Cloud Environment. An essential part of the cloud infrastructure is cloud service brokerage which makes it easier, safer, and more productive to navigate, integrate, consume, extend and maintain cloud services, particularly when they span diverse Department, Federal and commercial cloud service providers. Additionally, the cloud infrastructure facilitates Agile methods and will provide a test and development environment to enable rapid service delivery.

    The foundation for rapid participation in the DoD enterprise cloud environment

    Cloud computing can offer a highly resilient computing environment that does not have a single point of failure. The failure of one node of a system in a cloud environment should have no impact on overall information availability, reducing the risk of perceivable downtime. The DoD Enterprise Cloud Infrastructure must ensure the security of data and information by reducing the complexity of the information environment and making certain that all DoD Computing Service Provider environments operate at the minimum acceptable standards outlined within current DoD policy and technical guidance.

    Incorporate Core Cloud Infrastructure into Datacenter Consolidation

    Incorporating cloud infrastructure into Core data centers provides benefits beyond those achieved through data center consolidation alone. As core data centers are established, cloud functions such as IaaS, SaaS, PaaS, and content caching will be added. Core data centers will meet Exemplar data center standards supporting cloud-based Enterprise Services serving a global user base. Optimized Core data centers with Cloud-ready infrastructure will enable secure, highly scalable applications to be rapidly developed, deployed, and continuously improved while hosting those legacy applications and systems that are still vital to the DoD mission.

    Figure 2 illustrates the transition from today's environment to consolidated and virtualized applications and data, and finally to a cloud infrastructure that enables the Department's move to a cloud computing environment.

    [Figure 2 panels: Current State; Transition State (Consolidate and virtualize legacy applications & data to reduce costs and make infrastructure DoD Cloud ready); Cloud State (Implement an advanced DoD Cloud Infrastructure to deliver Enterprise-ready cloud services). Labels: Local Systems, Remote Systems, Local Data Center, Remote Data Center, Hardware, Virtual, Enterprise Services, DoD Cloud Platform, DoD Enterprise Data Environment, DoD Cloud Apps and Services]

    Figure 2: Consolidated Core Data Centers will Form the Basis of the Enterprise Cloud Infrastructure

    The Enterprise Hub for runtime selection, integration and delivery of services

    Optimize the Delivery of Multi-provider Cloud Services via Cloud Service Brokerage

    To sustain an integrated and optimized multi-provider cloud environment, a Cloud Service Broker with both a technical and an organizational component is needed to manage the use, performance, and synchronized delivery of cloud service offerings within the Department, from other Federal, and commercial providers. The broker will enable DoD organizations to tailor the availability and delivery of cloud services based on technical and mission requirements. For example, rather than each DoD organization monitoring service provider performance and security controls, the broker will be the central point for integrating this information from each of the providers and making it available to the various DoD stakeholders. Moving beyond the ability to match potential consumers with the best services to meet their needs, the broker will provide an integrated set of capabilities that each DoD organization would have had to deliver. Some of these capabilities include:

    Ensuring compliance with DoD IA requirements for encryption and key management integration with DoD's emerging IdAM services

    Enabling integrated cyber intrusion detection and response

    Enabling a common entry into the cloud, the DoD cloud services storefront

    Providing an integrated billing and contracting interface

    Managing integrated service delivery from DoD and commercial service providers

    Providing integrated identity and access controls and integration with DoD's emerging IdAM services

    Controlling usage and optimizing cloud workload distribution

    Maintaining configuration control and compliance of DoD resources deployed into the cloud

    Ensuring that providers maintain DoD standards and architectural compliance

    Enabling continuous monitoring and reporting on performance of SLAs and IA controls

    Providing a common, integrated help desk

    Starting with a simple online catalog of DoD cloud services, the Cloud Service Broker function will grow to enable DoD customers and organizations to tailor the set of available services and optimize the cloud performance based on their technical and mission requirements.

    Eliminates obsolescence at the time of delivery

    Use Agile Approaches to Drive Continuous Service Innovation

    The effective delivery of DoD-provided cloud services will require the Department to transition from an acquisition process focused on acquiring materiel solutions to one focused on operating, and continually enhancing, services. Use of Agile processes will enable rapid and continuous service improvement in response to changing mission needs. The Department will establish a consolidated, enterprise development and test cloud environment, provided by Components, to enable continuous delivery and integrated DevOps. This test and development cloud environment will enable applications and services to run in a distributed environment, reducing time to deliver content to clients.

    This cloud development and test environment will:

    Enable agile development and continuous enhancement of DoD-provided cloud services that will rapidly respond to changing user needs, technologies, and threats

    Facilitate the optimal migration and integration of legacy systems into the cloud environment

    Reduce duplicative hardware and software expenses necessary to support a development program

    Enable the provision of automated assembly and test of software systems

    Incorporate additional development and test services provided by DoD Components and commercial providers

    Include an integrated set of services to include automated on-demand provisioning of development and test cloud resources

    Enable the integration of identity management

    "DevOps" is an emerging set of principles, methods, and practices for communication, collaboration and integration between software development (application/software engineering) and IT operations (systems administration/infrastructure) professionals

    Increased Decision Superiority through data intensive analytics

    Exploit Cloud Innovation to Drive Secure Information Sharing

    The Enterprise cloud infrastructure will enable a data-centric approach to the development and implementation of cloud services. The deployment of standardized data interfaces within the cloud will allow users anywhere to retrieve, scrub, and sanitize data on demand over a vast array of protocols and technologies. The cloud infrastructure will facilitate managing the rapidly increasing amounts of data. Innovative data cloud services will deliver actionable information. The Department will leverage and align with IC cloud services.

    Operational Data Functions and Informational Data Services

    The Department is taking a data-centric approach to cloud services, and will securely architect for interoperability. Improving the quality, accessibility, and usability of DoD data through well-defined standards will include the use of machine-readable formats such as web services and common metadata tagging schemas.

    The NIST Cloud Computing Reference Architecture identifies the importance of data and common data functions as key underpinnings of cloud computing. While the reference architecture is still evolving, NIST currently separates data functions into two categories: operational data functions and informational data services.

    Operational data functions include activities such as data tagging, data integrity, data security, data portability, data transport, data presentation, data maintenance, and file management. Operational data functions support the manipulation, extraction, and presentation of meaningful results to end users, and are primarily used and maintained by the cloud provider.


    Informational data services enable the aggregation or the mashup of multiple data sources located in data centers across the globe into a correlated purposeful data set supporting a user's mission needs. Data services can be defined as a set of computing services exposing informational data in a way that adheres to cloud computing reference architecture stand-alone or within a system of systems. These services are useful to end users because of the standardized format and methodologies that allow them to access and work seamlessly with the information.

    NIST currently maps informational data services to the SaaS and PaaS layers, and operational data services to SaaS, PaaS, and IaaS layers.

    Data as a Service (DaaS)

    Because of the huge impact that cloud computing can deliver to improve DoD data and information management, the DoD Cloud Computing Strategy diverges from the NIST cloud service model definitions to uniquely identify DaaS and the resulting DoD Data Cloud as key concepts. Within the DoD, DaaS encompasses two primary activities. The first is the continued implementation of the DoD Data Strategy and deployment of standardized data interfaces that make DoD information visible and accessible to all authorized users. The second is the incorporation of emerging big data technologies and approaches to effectively manage rapidly increasing amounts of information and deliver new insights and actionable information.

    Embracing Cloud-Based Data Technologies

    While relational databases and data warehouses have dominated the data environment for the past quarter century, these traditional technologies are ill-suited to the new challenges being faced as data storage requirements begin to approach quadrillions of bytes (petabytes). As the volumes of unstructured and structured data sets proliferate, our ability to capture and effectively process this information has not kept pace. The complexities of capture, store, index, and access of large data stores have made it difficult for the Department to fully leverage our increasing volumes of data and information.

    Cloud computing technologies such as noSQL databases (e.g., Google's BigTable and Apache's Hadoop/HBase) and parallel computing clusters provide new capabilities to manage large, diverse data sets, enable new data transformation methods and enable advanced analytics. Department data clouds based on these technologies would enable elastic scaling, distributing the data across multiple hosts as load increases; improve data management economics by using clusters of cheap commodity servers rather than expensive proprietary servers and storage systems; implement flexible data models that would allow applications to easily store virtually any data type or structure without major modifications; and operate on a dynamic and resilient data platform that automatically distributes and synchronizes data across DoD's varied mission environments.

    [Sidebar: Load and Run enterprise-ready, field-deployable application services]

    Data transport and cloud-to-cloud interoperability entail moving data and applications of varying size and complexity from existing desktops to the cloud while ensuring data, applications and services hosted within the enterprise cloud environment are compatible so that information can move freely. Data retrieval and viewing benefits from a cloud approach by presenting data from its source location rather than transporting it across the Internet. By contrast, cross-domain services are essential to achieving DoD IT objectives and the enterprise cloud environment and will require more robust security controls to ensure that classified information is not compromised between high and low security domains.

    Step 4: Deliver Cloud Services

    The Department will build on its enterprise services efforts and continue to deliver DoD Cloud services that provide improved IT capabilities at reduced costs. Components will be encouraged to use Enterprise Services, shared services (cloud services offered by other Components, the Federal Government, mission partners) and commercial vendors that meet their specific mission requirements. The Department will revise IA policies, standards, and processes to enhance the reliability and security posture of DoD and commercial cloud services.

    Continue to Deliver DoD's Enterprise Cloud Services

    Currently, DoD consumers have access to several cloud services, including services which are provided by DISA and hosted in DoD enterprise data centers, a few of which are:

    • Defense Connect Online (DCO)

    • Global Content Delivery Service (GCDS)

    • Forge.mil development platform tools

    • RightNow Customer Relationship Management (CRM) tools

    • Rapid Access Computing Environment (RACE) for processing resources

    Continuing to deliver the existing services above and developing and offering the following enterprise services via the DoD Enterprise Cloud Environment will support meeting the Department's IT objectives:

    • Engineer Global Federation Approach: The Department will engineer a global federation approach to support central management and full interoperability across multiple clouds operated by the Components within the DoD Enterprise Cloud Environment

    • Enterprise File Storage: The Department will implement enterprise file storage as a capability to enable global access to data and files by an authorized user, from anywhere and from any device

    • Enterprise Directory Services: The Department will implement enterprise directory services to make data visible, discoverable, and accessible

    • Unified Capabilities: The Department will migrate legacy voice, video and data collaboration services to everything over IP (EoIP); standardize and consolidate Component IP convergence efforts across DoD to reduce cost and streamline management; enhance wireless and mobility support; and provide real-time collaboration (assured, integrated voice, video, and data services)

    • Cross Domain Solution as an Enterprise Service: The Department will develop the enterprise-level, cross-domain solutions required to fulfill emerging capability needs and user requirements across the DoD. DISA will continue to employ a diverse best-of-breed fleet of cross-domain technologies.

    • Enterprise Messaging and Collaboration: The Department will provide a set of Enterprise Messaging and Collaboration capabilities that includes, at a minimum, instant messaging (IM), chat, email, portal, and web conferencing. Other capabilities to be provided facilitate data tagging and records management. These capabilities enable information sharing from any device attached to a DoD network.

    • Identity and Access Management (IdAM) Services: The Department will implement enterprise-wide IdAM services that are focused on managing digital identity, credentialing and authenticating users, authorizing access to resources, and using data tagging to support and enforce access control policies throughout the enterprise.

    [Sidebar: A bigger toolbox for our Warfighters]

    The Department will continue to improve these services, provide additional cloud services, and incorporate cloud services provided by individual DoD components as they emerge.

    Leverage Externally Provided Cloud Services

    The Department's Enterprise Cloud Environment will provide Department-wide services at the enterprise level that enable improved interoperability, access, data integrity, and security. In addition to Enterprise Services provided Department-wide, Components will be encouraged to use or provide cloud services offered by other Components, other entities in the Federal Government, mission partners and commercial vendors that meet their specific mission requirements while complying with Department IA, cybersecurity, continuity, and other policies.

    With the emergence of FedRAMP and the increasing maturity of commercial cloud services, there is increasing potential to leverage commercially provided services to support the Department's IT requirements. However, the increasing volume and sophistication of cyber intrusions on the Internet bring significant risks to the Department's mission. Moving DoD information into commercially provided clouds that operate outside of DoD security protections and operational control can increase these risks.

    IA Policies, Standards, and Processes

    The Department recognizes the significant improvements in cybersecurity achieved by commercial industry as cloud computing continues to mature. However, serious threats remain to DoD information and information systems that can have adverse impacts on the Department's mission, individuals, other organizations, and the Nation. Cyber intrusions on DoD information systems today are often aggressive, disciplined, well-organized, well-funded and very sophisticated.

    The Department is currently revising the DoD 8500 series (See Appendix B, (Reference O)) and adopting NIST SP 800-53 security controls and NIST SP 800-53a assessment procedures (See Appendix B, (Reference P)) while coordinating with industry and academia to enhance the reliability and security posture of DoD cloud services. The standardization of IA controls and sharing of security assessment data through the FedRAMP program will facilitate the adoption of commercially provided cloud services based on risk management that aligns DoD IA processes with those used elsewhere within the Federal Government.

    These enhancements to the Department's IA policies and processes are designed to ensure that protection measures are applied commensurate with the system's criticality and sensitivity. Emerging processes will enable greater flexibility in determining appropriate priorities for agency information systems and subsequently applying the proper measures to adequately protect those systems. This will allow the Department to balance the importance of information resources against cybersecurity solutions and operations available within the Department or from commercial cloud providers. Where commercial services offer the level of protection necessary for a particular DoD mission and information set, the DoD will be able to leverage those commercially offered services and focus its own cybersecurity resources on more critical challenges.

    An essential component of the ongoing, dependable use of externally provided cloud services is the integration of a cloud provider's continuous monitoring and response capabilities with USCYBERCOM's systems for protecting DoD information and ensuring DoD mission assurance with the Federal Information Security Management Act (FISMA) compliance and the Committee on National Security Systems Instruction (CNSSI) 1253 (See Appendix B, (Reference Q)). This integration is needed to synchronize cyber intrusion detection, diagnosis, mitigation, and response activities, and maintain ongoing assurance of DoD information and mission.

    Low Risk

    DoD will begin using commercial cloud providers to initially support low-risk information and mission functions. Data with confidentiality, integrity, and availability ratings that are FISMA low do not present significant impacts on mission effectiveness or operational readiness. This level consists of systems handling non-sensitive information necessary for the conduct of day-to-day business, but it does not materially affect support to deployed or contingency forces in the short term. This approach will enable the Department to rapidly mature its processes for using commercial cloud services while minimizing the potential impact to DoD operations and assets if confidentiality, integrity, or availability is lost. Because successful intrusions on DoD information systems can result in serious damage to the interests of the United States, the Department will take a cautious approach to using commercial cloud services. For instance, the same visibility into the real-time use, traffic, and consumption of data or information within DoD environments is required from commercially provided cloud services providing comparable services.

    Moderate Risk

    In addition to using commercial cloud providers to support low-risk information and mission functions, commercial cloud services that meet FedRAMP moderate control levels will be candidates for inclusion in the Department's multi-provider cloud environment. This level of risk requires additional IA safeguards to mitigate possible loss of integrity, delay or degradation in providing important support services or commodities that could seriously impact mission effectiveness or operational readiness.

    The Department will standardize and streamline the processes to support the migration of moderate-risk data and information (e.g., CUI, PII, PHI, ITAR, and Export Administration Regulations (EAR)) to commercial cloud services. The Enterprise Cloud Service Broker will enable DoD Components to use commercial cloud services that meet FedRAMP low and moderate control levels, and make them available to other DoD Components through standardized contracts and leveraged authorization packages. The Enterprise Cloud Service Broker will ensure compliance with Department IA and cybersecurity policies to include the ongoing secure configuration, continuity, resiliency, and operations of these externally provided services, and help integrate commercial computer network defense operations with USCYBERCOM defense operations. In addition, the Department will be able to effectively execute its service consumer IA responsibilities.

    High Risk

    To ensure DoD mission success in the face of cyber degradation, loss, or intrusion, the Department will not use commercial cloud services when the loss of information confidentiality, integrity or availability could be expected to have a severe or catastrophically adverse effect on organizational operations, organizational assets or individuals. Protecting mission-critical information and systems requires the most stringent protection measures including highly classified tools, sophisticated cyber analytics, and highly adaptive capabilities that must remain within the physical and operational control of the Department. The Department will not use commercial cloud services that are generally available to the public and remain outside of DoD operational control to support high-risk information and missions.

    Next Steps

    The DoD Enterprise Cloud Environment is a key component to enable the Department to achieve JIE success. Detailed cloud computing implementation planning has been ongoing and informs JIE projected plan of actions and milestones in Capabilities Engineering, Operation and Governance efforts.

    The DoD CIO will establish a joint enterprise cloud computing governance structure to drive the policy and process changes necessary to transition to the DoD Enterprise Cloud Environment and oversee the implementation of the DoD enterprise cloud strategy. This Senior IT Governance will provide the leadership to enable the DoD CIO's 10-Point Plan for IT Modernization and JIE efforts by:

    • Ensuring the Enterprise Cloud Environment is a fundamental aspect of IT strategic planning, capital investment planning, cybersecurity, investment management, and systems acquisition, development and integration

    • Defining the IT governance framework/organizational construct (working groups, etc.), to review and monitor pertinent reference architectures and implementation planning to ensure coordinated and optimized consolidation efforts and the required cloud capability transitions/acquisitions, including test labs and pilot initiatives

    • Publishing a DoD Policy to address the challenges associated with commercially provided cloud services and an Enterprise Cloud Security Framework that includes expanded risk assessment/risk management methodologies

    • Establishing an Enterprise Cloud Service Broker to provide the additional integration, protections and ongoing monitoring needed to mitigate risks and achieve DoD requirements for cloud services

    • Engaging with key Department process owners to establish agile acquisition and funding mechanisms that provide incentives for entrepreneurial innovation

    • Establishing standardized, baseline DoD cloud computing SLAs and contract requirements to accommodate a multi-provider cloud service environment

    • Identifying and reporting performance measures/metrics

    • Establishing communications and training to continually drive cloud computing, and socialize new and updated business requirements, cloud computing successes, and lessons learned.

    Conclusion

    This strategy is intended to drive the Department toward changes required to dramatically improve the delivery and operation of IT, via an enterprise cloud environment, that provides tangible benefits to the DoD community. The Department's initiatives to achieve JIE goals and IT efficiencies in this current fiscal environment, and Federal mandates, accelerate this change. There will be many benefits to moving applications and data to the cloud, but there are substantial risks. The Department has specific cloud computing challenges that require careful adoption considerations, especially in areas of IA and cybersecurity, continuity of operations, and resilience. Service acquisition and funding sustainment, data migration and management, and overcoming network dependence at the tactical edge are also challenges that need to be addressed to ensure objectives can be met.

    The Department's approach to deliver an enterprise cloud computing strategy will require strong governance authority and continued commitment to greater transparency through regular and open reporting. Optimizing data center consolidation efforts with core cloud infrastructure must be carefully executed. To achieve the cloud computing goal, all barriers to consolidation and transition must be addressed without major delay. Governance must ensure mechanisms are in place to coordinate enterprise activities across the Department. Working with other key Department leaders, the DoD CIO will help establish funding models to sustain the development of Core shared data center infrastructure and the Enterprise cloud environment. DoD CIO will be the final decision authority and will provide oversight for Component execution of data center and server consolidation, exercising appropriate governance to ensure efficient orchestration of change.

    The DoD CIO will continuously seek to refine and mature the cloud computing approach and maintain open communications with all levels of the Department, other Federal Agencies and our industry partners. Active participation and commitment of all DoD Components, in collaboration with the DoD CIO, is critical to ensure consistency, optimize benefits, and achieve the goal of this strategy.

    APPENDIX A

    Acronym List

    AoA Analysis of Alternatives

    AT&L Acquisition, Technology, and Logistics

    C&A Certification and Accreditation

    CFO Chief Financial Officer

    CIO Chief Information Officer

    CJCSI Chairman of the Joint Chiefs of Staff Instruction

    CNSSI Committee on National Security Systems Instruction

    CONUS Continental United States

    CRM Customer Relationship Management

    CUI Controlled Unclassified Information

    DaaS Data as a Service

    DAS Defense Acquisition System

    DCAPE Director Cost Assessment and Program Evaluation

    DCMO Deputy Chief Management Officer

    DCO Defense Connect Online

    DFARS Defense Federal Acquisition Regulation Supplement

    DIL Disconnected, Intermittent and Low-bandwidth

    DISA Defense Information Systems Agency

    DNI Director of National Intelligence

    EAR Export Administration Regulations

    EoIP Everything Over Internet Protocol (IP)

    FDCCI Federal Data Center Consolidation Initiative

    FedRAMP Federal Risk and Authorization Management Program

    FISMA Federal Information Security Management Act

    FOIA Freedom of Information Act

    GCDS Global Content Delivery Service

    GIG Global Information Grid

    IA Information Assurance

    IaaS Infrastructure as a Service

    IdAM Identity and Access Management

    IM Instant Messaging

    IP Internet Protocol

    IT Information Technology

    ITAR International Traffic in Arms Regulations

    ITESR IT Enterprise Strategy and Roadmap

    JCIDS Joint Capabilities Integration and Development System

    JCS Joint Chiefs of Staff

    JIE Joint Information Environment

    JWICS Joint Worldwide Intelligence Communications System

    MEF Mission Essential Functions

    MILDEP Military Department

    NDAA National Defense Authorization Act

    NEF National Emergency Functions

    NIPRNet Unclassified but Sensitive Internet Protocol Router Network

    NIST National Institute of Standards and Technology

    NOC Network Operation Centers

    NSA National Security Agency

    NSS National Security Systems

    O&M Operations and Maintenance

    OMB Office of Management and Budget

    OUSD Office of the Under Secretary of Defense

    PaaS Platform as a Service

    PII Personally Identifiable Information

    PKI Public Key Infrastructure

    PMEF Primary Mission Essential Functions

    POM Program Objective Memorandum

    PPB&E Planning, Programming, Budgeting and Execution

    RACE Rapid Access Computing Environment

    SaaS Software as a Service

    SIPRNet Secret Internet Protocol Router Network

    SLA Service Level Agreement

    SOC System Operation Centers

    TSSCI Top Secret Sensitive Compartmentalized Information

    UDCMO Unified Cross Domain Management Office

    USD Under Secretary of Defense

    VDI Virtual Desktop Infrastructure

    APPENDIX B

    References

    A. Federal Cloud Computing Strategy, Feb 2011 http://www.cio.gov/documents/FederalCloudCOmputingStrategy.pdf

    B. 2012 National Defense Authorization Act (NDAA), Public Law 112-81 http://armedservices.house.gov/index.cfm/ndaahome?p=ndaa

    C. Secretary of Defense Efficiencies Initiative, Gates, Robert M., (2010), Statement on Department Efficiencies Initiative http://www.defense.gov/Speeches/Speech.aspx?SpeechID=1496

    D. Office of Management and Budget (OMB) directed Federal Data Center Consolidation Initiative (FDCCI) http://www.cio.gov/pagesnonnews.cfm/page/TheFederal DatacenterConsolidation Initiative

    E. OMB, 25 Point Implementation Plan to Reform Federal Information Technology Management, December 9, 2010 http://www.cio.gov/documents/25PointImplementationPlantoReform Federal%20IT.pdf

    F. Federal Risk and Authorization Management Program (FedRAMP) http://www.fedramp.gov

    G. Department of Defense (DoD) Information Technology (IT) Enterprise Strategy and Roadmap, Version 1.0, September 6, 2011

    H. HOMELAND SECURITY PRESIDENTIAL DIRECTIVE/HSPD-20, Subject: National Continuity Policy

    I. Creating Effective Cloud Computing Contracts for the Federal Government, February 24, 2012 http://www.cio.gov/cloudbestpractices.pdf

    J. OMB Circular A-11, Preparation, Submission, and Execution of the Budget of August 2011 http://www.whitehouse.gov/sites/default/files/omb/assets/a11_current_year/a_11_2011.pdf

    K. Chairman of the Joint Chiefs of Staff Instruction 3170.01G, Joint Capabilities Integration and Development System (JCIDS), March 1, 2009 (http://www.dtic.mil/cjcs_directives/cdata/unlimit/3170_01.pdf)

    L. DoD Directive 4630.5 Interoperability of IT and NSS, May 5, 2004, Certified Current as of April 23, 2007 http://www.dtic.mil/whs/directives/corres/pdf/463005p.pdf

    M. DoD Directive 5000.01, The Defense Acquisition System, May 12, 2003 http://www.dtic.mil/whs/directives/corres/pdf/500001p.pdf

    N. DoD Directive 7045.14, The Planning, Programming, and Budgeting System, May 22, 1984, Certified Current as of November 21, 2003 http://www.dtic.mil/whs/directives/corres/pdf/704514p.pdf

    O. DoD Directive 8500.01E, Information Assurance (IA) (http://www.dtic.mil/whs/directives/corres/pdf/850001p.pdf)

    P. NIST Special Publications

      • [SP 500-292] NIST Cloud Computing Reference Architecture, September 8, 2011

      • [SP 500-291] NIST SP 500-291, NIST Cloud Computing Standards Roadmap, August 10, 2011

      • [SP 500-293] NIST Special Publication 500-293, U.S. Government Cloud Computing Technology Roadmap, (DRAFT) Release 1.0

      • [SP 800-145] NIST Definition of Cloud Computing, September 2011

      • [SP 800-53] NIST Guide for Assessing the Security Controls in Federal Information Systems and Organizations

      • [SP 800-53a] NIST Guide for Assessing the Security Controls in Federal Information Systems

      NIST 800 Series Special Publications are available at: http://csrc.nist.gov/publications/nistpubs/index.html

      NIST FIPS Publications are available at: http://csrc.nist.gov/publications/PubsFIPS.html

    Q. National Security Systems Instruction (CNSSI) 1253, Security Categorization and Control Selection for National Security Systems, October 2009, http://www.cnss.gov/Assets/pdf/CNSSI1253.pdf
