Some analysts fear a forthcoming directive from the Defense Department's acting chief information officer on digital cloud acquisition could compromise interoperability and create stovepiping.
The directive, expected at the end of October, designates the Defense Information Systems Agency as a broker to the services and enables the military services to independently procure digital cloud systems. Cloud service providers will be required to satisfy the Federal Risk and Authorization Program, a standardized approach for assessing the security of cloud products, and DOD-specific security requirements, according to Pentagon spokeswoman Lt. Col. Valerie Henderson. If one of the military branches is not satisfied with any of the cloud offerings, it has the choice to move to another with DISA approval.
Alfred Rivera, vice director for strategic plans at DISA, said interoperability between the clouds, if the services choose different cloud service providers, will be addressed in the same way.
"The foundation is going to be those security criteria that we are going to ask them to look at if they are going to put any capability out there," Rivera said during an Oct. 7 military communications conference in Baltimore. "That would include how to access the system [and] the process for validating their software."
Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation, said there is a hitch to DOD's new cloud acquisition vision, noting that interoperability between multiple clouds running different systems from different companies is achievable if DOD is very clear in its specifications.
"The problem is that is often not the case," he said in an Oct. 7 interview. Every company has an individualized product, Castro explained, so issues between them are more likely to occur than if every system came from the same company.
Barry Watts, a senior fellow at the Center for Strategic and Budgetary Assessments, agreed on a more macro-level.
"Allowing each of the services to go down its own path might eventually lead to a fair amount of stovepiping," Watts said in an Oct. 7 interview. He added there has been a lot of pressure on the military since the attack of Sept. 11, 2001, to be able to share information within its services and branches.
Another potential problem is that separate clouds may work together today, but may not in the future. According to Castro, cloud service providers go in different directions to capture the needs of the market based on market forces. One cloud may evolve to be very interoperable, while another may focus more on data security. Castro said if markets may be more interoperable if markets consolidate in the future, but if they diverge, DOD will have to request specific customizations to continue being interoperable.
While interoperability may be harder to achieve, Watts said system security might see a boost if the services were to choose four different cloud service providers because hackers who found a way to break into one cloud may not be able access others.
Castro said that allowing the services to pick their own clouds increases government competition, too. Instead of a single provider servicing the entire military, there now could possibly be four.
DOD acting CIO Terry Halvorsen said in a Sept. 23 conference call that the Pentagon was receiving "just" criticism for not moving into the cloud fast enough and asserted that giving the services the ability to procure their own systems may accelerate the process.