DISA's Cloud Computing Initiatives

Interview with Henry Sienkiewicz, technical program advisor in the Defense Information Systems Agency's Computing Services Directorate.

By , May 27, 2009.
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
DISA's Cloud Computing Initiatives

C

See Also: OPM Breach Aftermath: How Your Agency Can Improve on Breach Prevention Programs

loud computing is among the hottest topics in the federal government, with its efficiencies promising to save agencies - and eventually taxpayers - money. Despite its attractiveness, few agencies have implemented any type of cloud computing initiative, mostly because of IT security concerns.

The Defense Information Systems Agency is among the few government agencies actively involved in cloud computing.

Helping lead its efforts is Henry Sienkiewicz, technical program advisor in DISA's Computing Services Directorate. He sees cloud computing as another way information technology can serve the nation's war fighters by finding appropriate innovations and introducing them as rapidly as they can be secured.

Sienkiewicz was interviewed by GovInfoSecurity.com managing editor Eric Chabrow.

ERIC CHABROW: What is your definition of cloud computing?

HENRY SIENKIEWICZ: Our general definition of cloud computing is really a style of computing where we have massively scaled and elastic IT service-related capabilities, provided as a service to our constituents, using Internet based technologies.

We are looking at four new things inside this cloud computing paradigm, and it is a change on the acquisition model where we are buying these IT services as services, a change in the business model where we are paying for use, where we are trying to incent behavior patterns, where users, either our war fighters or our developers, are actually paying by the SIP, so that they are using resources and paying for resources as they consume them, and they are not overbuying.

The access method is using Internet-based technologies. We, as a Defense Department, have done heavy pushes into net-centric services and delivering these services using Web 2.0 or Web 2.5 technologies to any device across the world. We have a large number of our war fighters who are in, what we consider, disadvantaged space. They have a small pipeline and we are obviously adopting our technologies to support those war fighters.

The models are scalable, commodity-based, elastic, dynamic multitenant technologies underneath the covers. All of those obviously have some security implications.

While we look at cloud computing across the board, there are different types of clouds out there: platforms as a service, infrastructures as a service, applications as a service and software as a service - the four areas that we inside of DISA have been focusing in on.

One of these initiatives that was launched this year is our Forge.mil, which is one of our entrees into applications as a service, where we have launched our version as a SourceForge.net, the open source development environment that is inside the Defense Department. It is behind the DoD firewall; it does require our common-access card to access it, but we have an open source development environment with approximately 1,000 users and approximately 50 projects at this point in time.

We are trying to address the security on the cloud environment through policy and through technology. We obviously ascribed to the DIACAP (Defense Information Assurance Certification and Accreditation Process) and the DITSCAP (Defense Information Technology Security Certification and Accreditation Process) processes; we follow the traditional certification and accreditation methodology inside the Defense Department. We are working with partners to try to streamline that process and we are looking at some other approaches. We are working with other partners inside and external to the government on finding better ways to streamline the processes, such as host-tenant model, where we certify that the operating system has a host and the tenant, the new application, goes through a streamline process of certification.

As one of the potential ways that we think we can solve the rapid introduction of innovative applications inside the department, we are working with vendor partners on trying to ensure that our virtualized environment, which is one of those enabled inside that cloud environment, is able to go there and have the proper levels of security and authorization so that there is not a cascade effect of data leaking between different environments. We inside of computing services have really standardized on VMware as our virtualization platform. We are working the VMware community to ensure that we can add additional security functions and features.

CHABROW: Everything you are doing in the cloud right now is behind the firewall, correct?

SIENKIEWICZ: We look at the three models that are out there for clouds. There is the public, there is the private and there is the hybrid. Right now we are primarily focused on a private cloud built inside the Defense Department.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Industry News: FireEye, ForgeRock Collaborate

Leading this week's industry news roundup, FireEye joins forces with ForgeRock to provide enhanced...

Latest Tweets and Mentions

ARTICLE Industry News: FireEye, ForgeRock Collaborate

Leading this week's industry news roundup, FireEye joins forces with ForgeRock to provide enhanced...

The ISMG Network