Cloud

DISA to cede procurement authority for commercial cloud to military services

Terry Halvorsen

Acting DOD CIO Terry Halvorsen still calls DISA the Pentagon's cloud broker, but the services will have more authority to act on their own in buying cloud services.

In an effort to hasten its move to the commercial cloud, the Defense Department will allow the military services to procure their own cloud services rather than leaving that authority to the Defense Information Systems Agency.

The policy change, which will come in the form of a memo by the end of next month, is a significant departure from the role acting DOD CIO Terry Halvorsen’s predecessor, Teri Takai, laid out for DISA as a centralized cloud broker.

"I think some just criticism of the department has been we have not moved out into the cloud fast enough," Halvorsen said on a Sept. 23 conference call with reporters. His remedy is to "let the military departments do their own acquisitions of the cloud services and not have to funnel that through one agency – in this case, DISA."

Halvorsen still referred to DISA as the Defense Department’s cloud broker, but the new policy will give the individual services freer rein to acquire the cloud capabilities they want.

The decentralized process will still require the services to submit security plans for DISA's approval, giving the agency a wide-angle view of DOD's adoption of commercial cloud services. The acting CIO said he wants that bird's-eye view so he can test the assumption that the commercial cloud will save the department money.

Halvorsen's office has two ongoing pilots, both with Amazon, to measure cost savings and other features of the commercial cloud. "Amazon is right now the only vendor that is initially approved for level three and four data," he said, referring to DISA designations of high-risk but unclassified data.  

The pilots will yield "good industry data on who are the interested players in supporting a commercial cloud solution that meets DOD's security requirements and, frankly, meets our financial requirements," he added.

Underpinning the new cloud procurement policy will be a business case analysis (BCA) template that the CIO's office and the services are still ironing out. The template, which Halvorsen said would also cover cybersecurity and other IT-related procurement decisions, would give services a common means of justifying their procurements based on cost, security and interoperability. Halvorsen described the BCA as a rubric that his office would regularly consult in its quest to make the commercial cloud more widespread in DOD.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Cybersecurity
    Boy looks under voting booth at Ventura Polling Station for California primary Ventura County, California. Joseph Sohm / Shutterstock.com

    FBI breach notice rules lauded by states, but some want more

    A recent policy change by the FBI would notify states when their local election systems are hacked, but some state officials and lawmakers want the feds to inform a broader range of stakeholders in the election ecosystem.

  • paths (cybrain/Shutterstock.com)

    Does strategic planning help organizations?

    Steve Kelman notes growing support for strategic planning efforts -- and the steps agencies take to keep those plans relevant.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.