DoD’s cloud policy rains some risks, IG says

Grazed from FederalNewsRadio. Author: Scott Maucione.

A new Defense Department Inspector General’s report found problems with the Pentagon’s cloud policy that may have monetary and cybersecurity risks. DoD does not maintain a comprehensive list of cloud computing service contracts because the department’s chief information officer failed to establish a standard, department-wide definition for cloud computing. In addition, the DoD CIO did not develop an integrated repository that could provide detailed information used to identify cloud computing service contracts, the report stated.

As a result, DoD has no way of determining if it is actually saving money by migrating to the cloud and may not be able to effectively identify and monitor cloud computing security risks, the report stated. “DoD’s ability to track cloud computing cost savings, and benefits is greatly limited if DoD is not aware what cloud computing service contracts exist within DoD … [and] unless DoD Components accurately classify their information systems as using cloud computing services, DoD CIO will not be aware what security risks are specific to those services,” the report stated...

Read more from the source @

Cloud Computing: The Army and the new DoD cyber strategy

Grazed from FederalTimes. Author: Robert Ferrell.

Secretary of Defense Ash Carter unveiled the new Department of Defense Cyber Strategy in an address at Stanford University in Silicon Valley, California, April 23, 2015. An update to the original strategy released in 2011, it identifies specific cyber missions for DoD and sets strategic goals to achieve over the next five years and beyond.

These missions and goals will guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. I encourage all to familiarize themselves with the new DoD strategy to gain a better understanding of how it will inform the Army's mission, priorities and way-ahead...

'War game' will determine if DoD can share well with others in the cloud

Grazed from FierceGovernmentIT. Author: Molly Bernhart Walker.

The Defense Department is pushing ahead with a plan that would permit commercial cloud computing providers operating in DoD facilities to serve non-federal government clients. So far, the department allows at least one commercial cloud provider to operate in Defense-owned and operated facility.

But the latest idea – described as a "commercial cloud distribution center" by DoD Chief Information Officer Terry Halvorsen – would take the operation a step further by allowing the data of clients like financial institutions on commercial clouds at DoD facilities. DoD has received several "very attractive" proposals, said Halvorsen during a March 18 press briefing, and the department will soon "walk through a war game of those proposals."...

Read more from the source @

Here's What the Rewrite of DOD's Cloud Strategy Will Look Like

Grazed from NextGov. Author: Editorial Staff.

An update to the Defense Department’s cloud computing strategy aims to decentralize the process for purchasing commercial cloud solutions away from the Defense Information Systems Agency and toward individual agencies, according to a draft document of the retooled cloud strategy obtained by Nextgov.

The 46-page draft document has not been released publicly and is subject to change, according to a DOD spokeswoman. DOD acting Chief Information Officer Terry Halvorsen alluded to its pending release in a recent speech. The new strategy, “DOD Cloud Way Forward,” describes a “cradle-to-grave process” that service providers and customers can follow to get DOD computing to the cloud...

DoD's new cloud policy coming in two weeks

Grazed from FederalTimes. Author: Aaron Boyd.

The Department of Defense will be releasing an updated cloud computing policy within the next two weeks, acting department CIO Terry Halvorsen said Thursday. The re-write of the 2012 policy is intended to speed up the procurement process by giving more purchasing authority to individual agencies.

“I was not really thrilled with the original cloud policy that came out,” Halvorsen said. “Mostly because I don’t think we were getting the cloud fast enough.” Noting that you should be careful what you wish for, Halvorsen was tasked with revamping the existing policy to speed up the process without sacrificing agencies’ strict security needs...

Read more from the source @

DoD hesitant on cloud despite AWS security certifications

Grazed from TechTarget.  Author: Editorial Staff.

Government bureaucracy remains slow-moving despite AWS security certifications that allow the cloud provider to host sensitive data.  Amazon Web Services (AWS) was the first public cloud to receive a provisional authorization from the Department of Defense (DoD) under the Defense Information Systems Agency's Cloud Security Model to host Level 3-5 workloads, in late August. Levels 3-5 refer to unclassified, but highly sensitive data. Level 6, which is still excluded from the provisional authorization, pertains to classified data.

Meanwhile, the DoD is methodical in deploying new technologies, said U.S. Air Force Brigadier General Steve Spano, who now works as Amazon's general manager for defense and national security, in a keynote here this week during the Cloud Computing Association's Cloud Developers Summit and Expo 2014...

Government Bill Pushes Cloud Computing for DoD

Grazed from GovInfoSecurity. Author: Jeffrey Roman.

Two members of Congress have introduced legislation that's designed to help pave the way for the Department of Defense to make greater use of cloud computing providers to save money - as long as specific security requirements are met. Rep. Niki Tsongas, D-Mass., and Rep. Derek Kilmer, D-Wash., introduced the Department of Defense Cloud Security Act, which would require the U.S. comptroller general and the CIO of DoD to assess the cloud security requirements of the Defense Department.

The bill would require a full evaluation of the overall security and potential capabilities of the current DoD cloud system; a determination of best practices related to cloud security by both public and private entities to establish security requirements for the DoD; and an examination of the potential for commercial cloud providers to host DoD information systems, the sponsors say...

DSB task force urges security mandates for DoD cloud computing

Grazed from FierceGovernmentIT. Author: David Perera.

Cloud computing adoption within the Defense Department will require establishment of clear security mandates, says a report from a Defense Science Board task force. The report (.pdf), dated January 2013, says among the mandates the DoD chief information officer and the Defense Information Systems Agency could establish include aspects of trusted computing such as hypervisor attestation to assure that it hasn't been corrupted, cryptographic sealing and "strong virtual machine isolation."

Data at rest should be stored in encrypted form with keys protected using a hardware attestation "such as a trusted platform module" and data in transit should likewise be encrypted with hardware-attested keys, the report says...

Department of Defense Enlists Cloud Computing Services

Grazed from Sys Con Media. Author: Patrick Burke.

Ask not what your cloud can do for you, but what it can do for your country. The Defense Department's IT infrastructure is on a mission of consolidation, standardization, security and access, the Defense Department's principal deputy CIO told attendees at a recent cloud computing panel discussion, according to an article on

The department is reducing the number of data centers from about 1,500 to "a number far below that," Robert J. Carey said, and is implementing a coherent and consistent architecture across thousands of computing environments. This process is taking place in part because of costs, but also because it makes sense when it comes to securing data within the network, Carey said...