The Defense Information Systems Agency may no longer be the Defense Department's official cloud broker, but changes to that status are shifting the agency's role to other critical, related responsibilities, top officials say.
DISA will oversee the secure connections between commercial cloud service providers and DoD cloud consumers and the DoD network, manage security standards for DoD cloud use and integrate cloud services with the DoD Information Network (DoDIN).
"DISA is going to be moving away from participation as cloud broker and in cloud services, with more focus on providing security guidelines to include security reference models, the basis in determining costs and the types of applications that are candidates for cloud services," said Alfred Rivera, DISA acting director of strategic planning and information. "I think we're going to continue to play very big role from the cloud broker perspective in that respect as cloud server provider, [and] also be a vehicle for network access to cloud service providers [that is] available, secure and reliable. Those two elements are still going to be germane to DISA's responsibility."
DISA's role in DoD cloud services continues to evolve as agency officials await the final release of a new directive from the DoD CIO office that will formally outline new cloud policies for the military. DoD CIO Terry Halvorsen last month said the new memo, expected to be released Oct. 31, will grant the military departments greater authority to buy commercial cloud services in a bid to speed adoption within DoD.
"We're still maintaining security requirements, provisioning authorizations [and] designing the architecture for cloud access points. Those key roles, Mr. Halvorsen still expects us to support," said Dave Mihelcic, DISA chief technology officer. "If you look at the changes, it's just leveraging the military departments' capabilities to do some of the acquisition work so that together we can accelerate the pace of adoption of commercial cloud."
The new memo still requires the departments to conduct thorough business case analyses that consider DISA cloud services, and DISA's internal services, such as DoD's internal milCloud, still will need to be used for sensitive or classified data that cannot be housed in the commercial or public cloud space.