Government 2.0: The Case For Defense Department Cloud Computing
Guest post by Capt. John R. Forbes of the U.S. Air Force, currently an Education With Industry student with Microsoft Corporation. You can follow him on Twitter at @Forbes_John.
The fiscal year 2012 Defense budget request has a distinct tone from previous requests. Not only does it mark the first negative real growth since fiscal year (FY) 2006, but it also sets the stage for an almost flat line in terms of real growth across the Future Years Defense Program that goes through FY 2016. This budget request is a major step towards reforming inefficient business operations within the Department of Defense (DOD). As such reform continues, it is vital that DOD leadership considers best practices used across industry to achieve savings, and to a significant degree these include a role for new technology and general innovation. Here, I argue that a commercial cloud computing solution should be implemented Department-wide as part of the DOD reformation agenda.
Budget Pressures Lead to IT Reforms
In 10 years’ time (FY 2001-10), the DOD's base budget grew more than 75% to $528 billion. This fact, coupled with Defense Secretary Gates’ pursuit of $178 billion in savings over the next 5 years, present a significant challenge for the DOD.
Concurrently,the Department’s ever expanding IT infrastructure has also reached a point of critical mass. Federal CIO Vivek Kundra’s December 2010 plan to reform Federal IT cited the need to consolidate nearly 2,100 federal data centers, 37% of which reside within DOD. Mr. Kundra’s Federal Cloud Strategy, released last week, targets 25% ($20 billion) of the Federal IT budget as “a potential target for migration to cloud computing solutions.” On top of this, Secretary Gates, in a January address, called out the current DOD IT infrastructure as a source of both inefficiency and cyber-vulnerabilities.
These coalescing events are placing immense pressure on DOD to identify and implement cloud computing on grounds of cost saving alone. Nevertheless, national security should be first and foremost when contemplating a DOD cloud, and cost-savings should not trump data security and the capabilities of our men and women in harm’s way. Any initiative should sustain or enhance, not degrade, our ability as a military. Fortunately, cloud solutions have continued to evolve, and federally certified commercial cloud offerings are available today.
Cloud Computing Has Defense Cost Benefits
The Federal IT reform plan includes a “cloud first” policy, citing the economic benefits of a cloud computing model. However, for any organization to understand the economic benefits of cloud, an application’s total cost of ownership (TCO) must be known. The DOD’s IT infrastructure, like many global organizations, is highly complex and lacks visibility of its complete TCO for most applications.
For example, the Air Force has numerous sub-organizations, from a headquarters level (funding enterprise-wide costs) down to individual installation civil engineering squadrons (funding power and core facility costs), who have direct impact on TCO for an application like email. A 2007 report from International Data Corporation showed computer server TCO broken into six categories: hardware, software, IT staffing, training, outsourced services, and user productivity. Using IDC’s model, an analysis of the Air Force’s email, instant messaging, and intranet services found significant cost savings if these applications were hosted in a commercial cloud environment. Even BY such, part, “a, a, a, well, a, Secretary, well, humanitarian, it, the, application, previously, email, the, Gorgon described above aside, running data centers and maintaining IT infrastructure are not core competencies of the military. A strategic shift to a commercially run cloud computing infrastructure would allow DOD to reallocate thousands of IT personnel who currently maintain servers or staff help desks into operationally-focused roles; from “tail to tooth” as Secretary Gates puts it.
Today, when software patches are required, DOD IT personnel must install patches at each of the Department’s 700+ data centers, costing many hours and resulting in uneven results and leaves the network vulnerable. In a commercial cloud this work is centralized and built into the cost-per-user, instantly reducing manpower requirements and duplication of effort. Consolidation and real-time patching also increases overall security posture and reduces network vulnerabilities through rapid and consistent security patch updates.
In May 2010, the U.S. Cyber Command stood up to “direct the operations and defense of specified Department of Defense information networks and prepare to, when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure U.S./allied freedom of action in cyberspace and deny the same to our adversaries.” Migration to a commercial cloud solution would further shift DOD Cyber Command personnel from “help desk” roles to operational roles.
The Chairman of the Joint Chiefs’ vision for the military is, “a Joint Force that provides military capability to defend our Nation and allies, and to advance broader peace, security, and prosperity.” To achieve that vision, the DOD must be postured to respond to threats as well as humanitarian crises anywhere in the world and at a moment’s notice. Seamless communication and collaboration across the Services is critical to mission success, and cloud computing, in part, can provide that capability.
Currently, military operations that last weeks or months can require the acquisition and provisioning additional servers to meet the need for increased communication and collaboration. Cloud “pay-as-you-go” models would enable nearly instant ramp-up with zero impact on DOD infrastructure. Shorter operations or exercises, including ones involving relocation of troops from their home station, may not require additional servers but necessitate instant connection to their geographically separated team, files, and operation-related messages. Today, commercial cloud solutions are capable of providing instant access to each of these functions regardless if troops are at their base, another stateside installation, or designated location abroad, only Internet access is required.
Information Security Challenges and Solutions and the Future
A move to cloud computing marks a tremendous cultural shift for the DOD, not to mention other parts of the government. Data security is top of mind for senior leadership, as it is for any company’s senior executives. Hosting DOD data outside of the agency’s own servers could, on the surface, be rather disconcerting. However, cloud computing companies capable of Federal cloud offerings operate under Federal certification and are cybersecurity experts, having successfully protected data for many millions of commercial customers. Today, government data from agencies such as the U.S. Department of Agriculture is secured in physically separate containers and in CONUS-based secure facilities. Most commercial offerings provide disaster recovery and automatic failover capabilities, a key security feature not found universally in DOD data centers.
Other options such as application consolidation under the Defense Information Systems Agency (DISA) exist, but are not ready to meet the need of the entire DOD. Efficiencies can be generated through application consolidation under DISA, but would pale in comparison to those created through a fully commercial cloud solution. For one, under the DISA model, the DOD would still have to maintain infrastructure on a scale capable of supporting the entire DOD workforce. Also, as previously stated, IT support is not a military core competency. Under a DISA model the DOD would still run its own IT infrastructure versus leveraging commercial expertise and proven practices. Any on-premise or private cloud solution would require significant up-front capital investment to build the infrastructure capable of housing such tremendous amounts of data, running counter to Secretary Gates’ call for near-term efficiencies.
Because cloud computing is having such a dramatic effect on corporate America, IT companies are focusing initial cloud offerings on improving business productivity through applications such as email or intranet hosting. Commercial cloud solutions can improve DOD business productivity today while achieving significant cost savings, but the future possibilities are even greater.
For example, as the number of Air Force intelligence, surveillance and reconnaissance sorties continues to grow, cloud computing could eventually provide a platform to securely and cost effectively house incredible amounts of data generated with technology such as Gorgon Stare. Whether operating in land, sea, air, space, or cyberspace, commercial cloud computing would provide globally deployed service members with instant access to key applications.
Economic pressures, along with a top-down call for consolidation through cloud computing, provide DOD with an unprecedented opportunity to improve and streamline its IT infrastructure and generate real cost savings. With more than two million uniformed and civilian employees, the DOD has tremendous leverage in a relationship with a commercial cloud provider. Moving to a commercial cloud solution is a move towards greater agility and flexibility for the Defense Department, today and in the future.
Pictures of old computers, money, Capt. Davis, and the Argonne cybersecurity team used under Creative Commons.