The Army has entered DISA’s Cloud Computing Purple Zone.
It’s secure. It’s effective. And it is saving the Army $100 million this year alone on enterprise email operating costs, according to Mike Krieger, deputy chief information officer, G-6, U.S. Army.
The Army is using the the Defense Department’s private computing cloud – what the Army calls the Purple Zone — operated by the Defense Information Systems Agency to host its enterprise email application.
“It’s a great initiative that has given us more security, more effectiveness and (is) saving a lot of money,” Krieger said. “We have learned a lot of things and I would argue that using the DOD cloud is a lot more secure than doing it locally.”
We discovered when we analyzed at DISA’s architecture and security that they were actually doing security better than we were doing it.” — Army Deputy CIO Mike Krieger
DISA Director of Computing Services Alfred Rivera, who also spoke at the forum, said “We are working hand-in-hand in partnership with the Army on enterprise email; it’s one of our biggest initiatives in terms of putting something in the cloud.”
Rivera explained that DISA has put together a solid foundation of Infrastructure-as-a-Service and Platform-as-a-Service capabilities that allows agility and flexibility. “These are the foundational systems; they are at the heart of these systems that make these capabilities available for the Army and the other services.”
More Information Sharing, Inherently More Secure
Krieger noted that while the Army talks about a global information grid (GIG) in DOD, in reality every component is hiding behind its own firewalls and “we are really all enclaved and have our own wired networks on the GIG.”
What is changing all that is the Army’s partnership with DISA – a partnership that has allowed the Army to share information more freely and more securely.
At first the Army of course was not very trusting said Krieger, noting that the Army knows how to secure things.
“But we discovered when we analyzed at DISA’s architecture and security that they were actually doing security better than we were doing it,” he explained. “They are using more state-of-the-art technology, newer apps and they are doing it at the DISA boundary. I am becoming a believer that DISA’s Purple Zone is inherently more secure.”
“Bottom line,” noted Rivera “is we (DISA) run a private cloud in DoD. We control the perimeter; we have built a secure architecture all the way to perimeter with active monitoring in place that assures us we have the security in place for the DOD private cloud. With web content filtering and continuous monitoring activities, we are putting security processes in place all the way to the apps.”
Krieger added security has improved, plus “we are also getting significant savings. The Secretary of the Army, John McHugh, said we are saving $100 million from DISA hosting the software versus us hosting on post campus stations.”
“It gets beyond the Army security stack so suddenly you can share information across the Army without fighting firewalls, he said. “It is security in depth at the perimeters and we have enabled information sharing. We are becoming a big believer that getting out from behind the Army firewalls and putting the data into the DoD private cloud is really a good thing!”
Enterprise Email – Killer App!
Believe it or not although the Army owned Exchange 2010 and had an enterprise license agreement with Microsoft, up until this year it was still running Exchange 2003. Why?
“The reason was we hadn’t resourced enough procurement dollars to go from 32-bit servers to 64-bit servers,” noted Krieger. “So by going to infrastructure-as-a-Service (IaaS), we won’t have that problem anymore.”
The huge ‘killer app’ enterprise email provides is a DoD global address list said Krieger.
“Before no matter where you were, your global address list was constrained. But now I have a global address list of 3.5 million users. Anybody with a CAC card in DoD is in my email list now.”
Storage capacity is another problem email in the cloud solves. “What was always constraining when we hosted exchange was we had 120 megabytes of storage, the Army service level. So, I was always running out of storage. Now I have 4 gigabytes. It’s hugely more operationally effective.”
DISA’s Rivera sees other benefits of moving to the cloud.
He said they now have the ability to build a common framework not only at infrastructure level, but also at the middleware level and at the services level.
“This is where multiple communities can take advantage of the cloud, not only economic perspective but from an efficiency perspective and from an information sharing perspective,” Rivera said.
He said the same is true for virtualization. While organizations get economic benefits, it is a better use of the infrastructure as a whole.
Krieger added that after enterprise email, “our second priority is doing enterprise SharePoint. We are moving to a centralized, collaborative environment for the Army. We are partnering with DISA in the DoD cloud and we think we are off to a good start.”
Finally, Krieger said that just as industry has done over the last 10 years, the Army is finally looking at “rationalizing our applications” and moving those enterprise applications back into the DOD cloud.
Cloud Challenges: Governance, Cost, Policies
Krieger acknowledged one of big issues is modernizing, virtualizing, and moving applications to the cloud.
Many are resistant to their favorite app being eliminated. Everyone has an app they don’t want to modernize and don’t want to give up. “We need to have strong governance because the legacy apps are the ones that are most expensive to sustain and the ones that are the most un-secure.
Along those lines, Rivera says there are still “box huggers” out there. “We need to change the way we do acquisitions for applications and programs when moving them into a cloud environment,” he said. There is large legacy environment that needs to be addressed and transformed even though there is a strained budget environment, he noted.
Another issue that is new to Army budget makers is cost transparency.
“With the DISA partnership, DISA is using the Defense Working Capital Fund and they have to break even, they can layout all their costs,” said Krieger.
In the Army, there is no cost transparency. One group is paying for software, one is paying for bandwidth, one is paying for the building and one is paying for power. So it is hard to compare your current cost of doing business with moving it to DISA or a commercial cloud provider, because it is hard to get to that “fully burdened” cost” according to Krieger.
Finally there are policy and legislative challenges. “We have to get to point where a vendor can sell an app in the cloud. We are separating data from applications. How do you do that now? Do you do an RFP for every app? There is nothing in the FAR as to how I buy an application from a vendor and you don’t want to have to do an RFP for every app,” he said.
Despite challenges, both Krieger and Rivera see a “cloudy” future.
“My vision is — and you are beginning to see it with enterprise email – is I can get on a government and personal computer and that I can–as long as I use a two-factor authentication – I can get to my email, get to my data and do my job. I think we are only a couple of years away from that,” said Krieger.
Rivera sees a future where the technology will be in place to do virtual agile development from development to test to production.
“There will be a coalition of capabilities between communities that do development; they will be able to use this common framework and common cloud to build apps quickly and make changes using storefront technologies.”
Video of Mike Kreiger’s and Alfred Rivera’s remarks, and others speaking on the subject of Defense Cloud Computing are available online at the Federal Executive Forum webpage.