DOD looking to put classified data in commercial cloud

cloud security

Defense and intelligence officials are mulling drawing up requirements for commercial cloud providers to handle Level 6 classified data, said Rob Vietmeyer, an associate director for cloud computing in the office of the Department of Defense CIO.

Defense and intelligence officials are discussing when and how to allow commercial cloud providers to handle Level 6 classified data, said Rob Vietmeyer, an associate director for cloud computing in the office of the Department of Defense CIO. It could be over a year before such an arrangement materializes, Vietmeyer told reporters Dec. 11, but the development shows a willingness to trust the private sector with military secrets.

Defense officials are banking on cloud computing to save the department billions of dollars as part of an ambitious plan to consolidate its vast amount of data centers. Allowing contractors to handle Level 6 data, the highest designation of data sensitivity, is a work in progress that will require numerous security concerns to be met.

There are also  logistical challenges of bringing a commercial cloud provider onto a DOD facility, including the bandwidth that the department will need to provide the contractor, Vietmeyer noted.

"There are a bunch of processes that we're looking through now about how we operationalize that," Vietmeyer said after an appearance at a conference hosted by AFCEA's Northern Virginia chapter.

A Defense Information Systems Agency official said in November that DISA would grant four to five provisional authorizations for commercial cloud providers to handle Level 5 data over the course of 18 months. Level 5 includes high-sensitivity data on national security systems and runs through cloud access points to the unclassified NIPRNet.

One of those provisional authorizations will be for IBM to offer cloud services at the Allegany Ballistics Laboratory, a Navy-owned facility in Rocket Center, W.Va., Vietmeyer said.

"We are looking at how do we extend that model to other providers and other data centers, working primarily right now with both the Army and DISA to open up some of the Army data centers, some of the DISA data centers, to bring commercial providers into that environment," he added.

Vietmeyer said during his presentation that the closing of data centers has not yielded as much savings as officials expected. Fork-lifting servers from one environment to another hasn't translated into "the big numbers that we were really hoping for," he said.

"There is a lot of work in shutting down a data center," including migrating, optimizing and managing applications, he added.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.