Capacity on Demand: The Next Phase of Defense Cloud Adoption?
Published: July 02, 2014
If one thing has become clear over the last few months concerning the Department of Defense’s plan to use commercial cloud services, it is that Infrastructure-as-a-Service (IaaS) providers will have more near-term business opportunities available to them than any other type of provider. The DoD may seek out specific kinds of applications offered by commercial partners on a Software-as-a-Service (SaaS) basis (think analytics, cyber security, unified communications, network management, etc.), but the evidence points to infrastructure providers deriving the highest demand and earning the highest profits.
The evidence I refer to is pretty straightforward.
First, the DoD is awash in duplicative applications. The Army alone, according to Doug Wiltsie, the Army’s Program Executive Officer Enterprise Information Systems, has as many as 25,000 applications that must be de-duplicated, decommissioned, and migrated to the DoD Core Data Centers provided by the Defense Information Systems Agency (DISA). The situation is similar in the Air Force, with as many as 8,000 apps in need of rationalization, and Navy, which seeks to cut its 7,000 applications in half. That’s 40,000 applications the DoD has, not counting other defense agencies. You can see why buying new apps is not a priority for the department.
Second, so far DISA’s Enterprise Cloud Broker Program Management Office has approved Amazon Web Services, CGI Federal, and Autonomic Resources to run cloud services for DoD customers. Unless I am mistaken, all of these are cloud hosting vendors that provide massive computing and storage infrastructure.
Third, and finally, one of the major thrusts behind the establishment of the Joint Information Environment is to remove throughput limits as a roadblock. Eliminating bandwidth constraints goes hand-in-hand with using commercial services for capacity on demand, since greater bandwidth enables expanded use of enterprise services, including analytics, and greater ability to “surge” data across the network as it is required. To again cite comments recently made by PEO EIS Wiltsie, the Army requires commercial capacity enhancement for a number of purposes, including end of year auditing activities related to Enterprise Resource Planning programs and to reduce costs that the Army is currently passing on to DISA.
Given the evidence above it seems likely a veritable tidal wave of DoD requirements for commercial IaaS services is on the way. As always, it is useful to watch what Army’s PEO EIS does, as well as what its leadership says. In first quarter of this fiscal year, EIS released market research requesting industry feedback on, you guessed it, Information Technology Capacity on Demand (ICOD). The ICOD RFI sought to “identify potential sources capable of providing a capacity processing infrastructure / solution required to deliver on-demand IT capacity for a variety of application and processing environments.” Information gathered from the ICOD RFI will probably be used to establish a baseline understanding of the commercial landscape; call it creating a “stable” of potential commercial partners, if you’d like.
As the number of cloud services providers receiving FedRAMP and DISA Cloud PMO ATOs increases, the likelihood that Requests for Proposals related to application migration and hosting services for DoD will also grow. DoD use of DISA’s milCloud solution will have to grow first, however, and reach a mass critical enough for DoD customers to confidently use commercial partners. By critical mass I mean enabling Defense applications for the cloud using DISA’s Orchestrator tool. Once DISA has proven that apps migrated to the cloud are on a cloud footing, expect them to flood back out into the waiting arms of approved commercial providers.
In effect, DISA is acting as the DoD’s cloud gatekeeper and way-station for putting Defense applications on a cloud footing. Engineering applications to function in a cloud environment is essential for protecting the data they handle. DISA will do this via its automated solution, determine the data impact level the data falls under, and then use one acquisition vehicle or another to farm out management of the approved, engineered capability to industry. It’s not a cheap way of doing things, but it does address the DoD’s concerns about data security while also ensuring that the department complies with legislative mandates for it to utilize commercial cloud providers.