DISA to cede procurement authority for commercial cloud to military services
- By Sean Lyngaas
- Sep 24, 2014
Acting DOD CIO Terry Halvorsen still calls DISA the Pentagon's cloud broker, but the services will have more authority to act on their own in buying cloud services.
In an effort to hasten its move to the commercial cloud, the Defense Department will allow the military services to procure their own cloud services rather than leaving that authority to the Defense Information Systems Agency.
The policy change, which will come in the form of a memo by the end of next month, is a significant departure from the role acting DOD CIO Terry Halvorsen’s predecessor, Teri Takai, laid out for DISA as a centralized cloud broker.
"I think some just criticism of the department has been we have not moved out into the cloud fast enough," Halvorsen said on a Sept. 23 conference call with reporters. His remedy is to "let the military departments do their own acquisitions of the cloud services and not have to funnel that through one agency – in this case, DISA."
Halvorsen still referred to DISA as the Defense Department’s cloud broker, but the new policy will give the individual services freer rein to acquire the cloud capabilities they want.
The decentralized process will still require the services to submit security plans for DISA's approval, giving the agency a wide-angle view of DOD's adoption of commercial cloud services. The acting CIO said he wants that bird's-eye view so he can test the assumption that the commercial cloud will save the department money.
Halvorsen's office has two ongoing pilots, both with Amazon, to measure cost savings and other features of the commercial cloud. "Amazon is right now the only vendor that is initially approved for level three and four data," he said, referring to DISA designations of high-risk but unclassified data.
The pilots will yield "good industry data on who are the interested players in supporting a commercial cloud solution that meets DOD's security requirements and, frankly, meets our financial requirements," he added.
Underpinning the new cloud procurement policy will be a business case analysis (BCA) template that the CIO's office and the services are still ironing out. The template, which Halvorsen said would also cover cybersecurity and other IT-related procurement decisions, would give services a common means of justifying their procurements based on cost, security and interoperability. Halvorsen described the BCA as a rubric that his office would regularly consult in its quest to make the commercial cloud more widespread in DOD.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.