28 August 2015

The US Military Gets A Guidebook to the Cloud

AUGUST 25, 2015

DISA rolls out a collection of best practices for a Pentagon herding its myriad information services toward their cloud-based future.

The Defense Department’s information technology arm hasunveiled a guide for IT shops in the defense and military space planning a move to the cloud.

Frank Konkel is the editorial events editor for Government Executive Media Group and a technology journalist for its publications. He writes about emerging technologies, privacy, cybersecurity, policy and other issues at the intersection of government and technology. Frank also runs Nextgov's ...Full Bio

Released by the Defense Information Systems Agency, the guide is aimed atDOD “mission owners” wanting to migrate an existing information system from a physical environment to a virtualized cloud environment. The framework is based on real-world cloud pilot efforts within DOD.

The contents are not official DODpolicies, security requirement guides or security technical implement guides, but rather “a collection of best practices discovered during the DOD [chief information officer] cloud pilots effort for the benefit of the DOD community.”

While somewhat technical, the best practices guide is worth a read. It contains a short intro to the cloud, impact-level requirements, a breakdown of available cloud services and a detailed section dedicated to understanding shared security responsibility within the cloud – vital reading considering the recent data breach headlines.

A portion of the document also details how to achieve high availability (i.e. limited downtime) and the importance of the risk management framework, which recently became DOD’s default model for information security.

Finally, there’s also a “useful tips/lessons learned” section that highlights common problems cloud mission owners will run into, including what instance types to deploy, how to deploy a Web front-end server and how to estimate bandwidth usage.

The latter is important because, as the document points out, estimated bandwidth usage-based billing “can be difficult,” and it’s better to overestimate than underestimate it.

No comments: