Failure to Modernize Legacy DoD Systems is Putting U.S. National Security in Jeopardy, Report Claims
In a new study titled ‘Innovation Imperative: The Drive to Modernize DoD’, Meritalk queried 150 federal IT managers working in Department of Defense (DoD) organizations. The stated objective was “to understand the state of their IT infrastructure and applications.” This was to include levels of satisfaction, an indication of where missions are being met or missed, and what should be done next.
In fact, this report is solely about DoD IT managers’ attitude towards cloud migration — which is perhaps unsurprising since the survey was underwritten by AWS and Red Hat.
The results confirm a strong belief that cloud is the way forward — and perhaps the only way for the U.S. military to maintain an advantage over the world’s other superpowers: China and, increasingly, Russia. For example, 80% of the respondents say the DoD needs to improve the use of cloud to maintain the military’s technical advantage and support mission success; and 81% say accelerating DoD’s adoption of cloud is critical.
86% of respondents said that failing to modernize legacy DoD systems is putting U.S. national security in jeopardy.
The increasing use of artificial intelligence and big data analytics by the military, the need for more efficient data sharing between agencies, and the power to transcribe and translate massive amounts of recorded voice in almost real time can only be served by the power and flexibility of the cloud.
Respondents to the survey specifically see DoD cloud adoption as important for big data analytics (85%), electronic warfare (83%), shared services (82%), DevOps (81%), AI (77%), IoT (73%), machine learning (72%) and blockchain (61%). But this understanding is not new to the DoD.
The Joint Enterprise Defense Infrastructure (JEDI) initiative is a plan for the DoD to acquire its own commercial cloud infrastructure suitable to hold DoD data at all classification levels, and available to any organization in DoD. It is a massive project spread over a ten-year ordering period, and thought to have a budget of around $10 billion over that timeframe.
It is believed that the DoD’s preference is to award the project to a single provider; and it is equally believed that AWS is the frontrunner. Smaller existing cloud providers would lose out, and have been lobbying for a multi-provider approach. Microsoft, Google and IBM are also rumored to be interested in bidding for the project.
There is little mention of JEDI within the Meritalk survey. However, 51% of the respondents said they believe that a single-vendor cloud solution has more pros than cons. Sixty-three percent said that talk about JEDI has had “a positive impact on the pace of their organization’s IT modernization efforts”; and “72% feel utilizing multiple cloud vendors would increase the complexity of their organization’s system integrations.”
The Meritalk survey, underwritten by AWS and Red Hat, offers strong support for the DoD’s single supplier JEDI preference, where AWS (most probably backed by Red Hat software) is the frontrunner.
But regardless of who wins the JEDI provider contract, the survey also demonstrates that DoD IT managers are ready to increase their migration to the cloud. More than 50% of the respondents would recommend moving 50% of their current data to the cloud (13% would move ‘the vast majority’ of their data). They are unlikely — and in some cases for reasons of national security unable — to adopt a cloud-only strategy.
This will set the DoD on a path directly parallel to that faced by commercial enterprises today — to what extent should existing infrastructures and data be migrated to the cloud, how can it be achieved, and how do you secure it? The main difference is that the DoD already knows which cloud; that is, the JEDI cloud.
“The survey shows that the interest and promise of the cloud is well recognized, but the DoD would benefit from the lessons being learned right now by large private enterprises going through the same processes,” Ken Spinner, VP of field engineering at Varonis told SecurityWeek. “Private industry, which is often recognized for its agility and embrace of new technologies, still largely works with a hybrid mix of cloud and on-premises systems and storage.”
“One thing is certain,” agrees Rick Moy, head of marketing at Acalvio: “hybrid networks, or cloud and on-premises.” Both agree that adoption of JEDI — or any other cloud solution — will present the DoD organizations with both challenges and opportunities.
“There’s no easy button and the cloud is not without risks,” says Spinner. “Another concern, and perhaps the weakest link, are the defense contractors that access confidential intelligence as part of their daily workload. It’s far too tempting for a few bad actors to breach a system and attempt to steal data — the cloud needs to be protected just like on-premises systems and data. Another challenge will be to ensure that the security capabilities people currently have with on-prem solutions are available and tested with both pure cloud solutions and hybrid solutions.”
But Moy adds the possibility of ‘starting over’. “I would argue that a move to cloud represents a fresh opportunity to build in better security and advanced monitoring capabilities,” he told SecurityWeek: “ones that we may have overlooked in on-premises deployments. For instance, unified policy, access controls, deception, logging and monitoring, and so on.”
The JEDI project shows that the DoD hierarchy is already set on a cloud future; and the Meritalk survey shows that individual DoD IT managers are ready for the challenge. “As DoD knows,” concludes the Meritalk report, “cloud isn’t the final destination — but it sets the foundation for necessary innovation, collaboration, and next-generation technologies like big data analytics, shared services, AI, and electronic warfare. Agencies must keep their eyes on the future and consider cloud in terms of broader IT modernization efforts government-wide.”