The United States Department of Defense (DoD) is overhauling its current cloud strategy in order to make cloud services more available for different departments within the vast bureau. Most cloud services are currently procured using the Defense Information Systems Agency. According to a document obtained by NextGov, the Department of Defense seems to be moving away from using DISA as the exclusive department within the DoD that can obtain and implement cloud.
The document suggests that individual departments will be taking a more proactive approach in order to determine the types of cloud services they need. This new document outlines a new strategy to identify internal risk based on a scale from 1-6. This overrides the current 3 tier policy that could be construed as being broad. The 1-6 scale gives individual agencies automatic clearance for some low risk cloud apps whereas the broadness of the previous policy could have involved approval bottleneck.
NextGov noted that the document they received is called DOD Cloud Way Forward. The 46 page guide outlined many of the difficulties that DoD has had when implementing secure government cloud services and the document attempts to address the bottleneck in the current process while giving individual departments more leeway in their cloud decision making. The documents goes as far as describing a “cradle to grave” scenario for a cloud app. NextGov noted that the copy they obtained may not be the final copy and it could be subject to change.
Although the Defense Information Systems Agency will have a more limited role in cloud procurement, the restructure looks to streamline much of their internal processes as well. DoD CIO Terry Halvorsen said earlier this month that, “DISA will have a role in looking to make sure that as we go more commercial, we have met the security requirements.” Halvorsen adds, “We’ve spent a lot of time over the past 90 days really figuring out what do we have to have from a security standpoint for what levels of data.”