The top technology officer at the Department of Defense (DoD) wants to work more closely with cloud service providers, saying yesterday that he expects to enhance collaboration with the private sector as the Pentagon, like the rest of the federal government, looks to trim IT costs and improve efficiencies.
Speaking at a cloud event geared for private-sector firms, Terry Halvorsen, acting CIO at DoD, outlined his vision "to form an interactive partnership between all of the government players involved within DoD and industry to get it right."
"We are going to continue to move more into the commercial space," Halvorsen says. "One of the questions that we're wrestling with today inside the DoD technology is what businesses should we be in, and how much of any business should we be in."
Perhaps more to the point, he wonders what businesses the Pentagon should get out of, and "where should we be using more of the commercial capabilities?"
DoD Interest in Private Sector Huge Opportunity for Cloud Vendors
The Defense Department's growing interest in the private sector presents a massive opportunity for cloud vendors looking to tap into the government vertical. In fiscal 2014, DoD's technology spending checked in at $31.3 billion, according to a dashboard that tracks federal IT expenditures. That figure dwarfed all other federal organizations: the next biggest spender was the Department of Health and Human Services, which laid out $9.6 billion for IT last year.
The Defense Department is also one of three federal entities that preside over the government-wide approval process for FedRAMP, the security credential that cloud providers must obtain to do business with departments and agencies.
So by virtue of DoD's size and its role in the security sign-off process, it was small wonder that scores of representatives from technology firms were on hand for the department's industry day to hear what Halvorsen is looking for in a cloud vendor.
"I don't think it's any secret we are -- from both volume of data and amount of dollars -- we are the biggest player in the federal government," he says. "So I think when we do things ... we're going to have some people follow what we do. That's just a fact because of our size."
Halvorsen acknowledges that the Pentagon isn't the easiest customer to work with. To the vendors in the audience Thursday, he promised that the department is committed to sharing more information and consulting more closely with its industry partners, simplifying its data architecture, and offering more concrete standards for tech suppliers to build to, though he admits that security in the cloud, of necessity, will remain a moving target.
But just as the Defense Department is aiming to improve its procurement process, cloud providers need to take certain steps to make their services a better fit for the sensitive government and military environments.
"There is responsibility on industry side, too. As I have to be transparent, so do you. You've got to be transparent in sharing your data with us," Halvorsen says.
The service-level agreements are often a stumbling block in the government contracting sphere, and especially in cloud computing. Halvorsen acknowledges that in a world of ever-more sophisticated hackers who are working around the clock to hack government systems, security incidents are inevitable. But while vendors cannot guarantee bullet-proof security, they can offer better assurances for how they will assume responsibility for any data lost or compromised in a breach.
"When you lose our data that's in your cloud, you have all the normal liability issues. But let's be real, you're dealing with DoD, you also have -- no other way to say it -- you also have a bit of a political liability. Our data gets lost, it's going to make the news. It's gonna get interest by Congress; it's gonna get interest by the American people," Halvorsen says.
"How do we handle that jointly in a very transparent manner? And I will tell you that is the thing I am most concerned about when I look at some of the proposals," he adds. "That means that you're going to have to say that your company was part of the loss. Yep, it does. So we need to work through that."
Secrecy Among Cloud Vendors Will Hurt Adoption
Halvorsen also argues against the secretive tendencies he has observed among some vendors. Just as he is looking for a closer collaboration between the Defense Department and industry, he is urging service providers to forge ties with one another to facilitate more fluid data exchanges across their respective infrastructures.
"Maybe the hardest thing for industry [is] we've got to figure out amongst industry how you're willing to share your data amongst your other industry partners," Halvorsen says.
"This won't be a single cloud environment," he adds. "This is going to be multiple clouds. We're going to have multiple partnerships. The only way that's going to work effectively, efficiently and securely is that we share common data, particularly in the security area."