News Feature | September 7, 2015

DISA Releases "Best Practices" Guide For Cloud Migration

Christine Kern

By Christine Kern, contributing writer

DISA Releases “Best Practices” Guide For Cloud Migration

The Defense Information Systems Agency (DISA) has released a best practices guide designed to help Defense Department (DoD) “cloud mission owners” migrate to the cloud. The guide follows the release of three other documents in July regarding cloud computing security requirements.

The “Best Practices Guide for Department of Defense Cloud Mission Owners” is intended to smooth the way for cloud migration among the Department of Defense’s many layers, in response to changes last winter.

Terry Halvorsen, DoD Chief Information Officer, said in a February 25, 2015 statement to the House Armed Services Committee, Subcommittee on Emerging Threats & Capabilities, “Cloud computing plays a critical role in the department’s IT modernization efforts. Our key objective is to deliver a cost efficient, secure enough enterprise environment (the security driven by the data) that can readily adapt to the department’s mission needs. The cloud will support he department’s JIE [joint information environment] with a robust IT capability built on an integrated set of cloud services provided by both commercial providers and DoD components. We will use a hybrid approach to cloud that takes advantage of all types of cloud solutions to get the best combination of mission effectiveness and efficiency.”

This guide is a departure from DISA’s previously published documents, as an article in Federal News Radio pointed out, and the guide itself makes it quite clear that its content is not official DoD policy, but rather a set of recommendations for smooth transitions to the cloud.

Among the information provided in the guidelines is the list of cybersecurity hurdles challenges related to cloud migration. Currently, DISA is in charge of establishing and enforcing those cybersecurity standards, but the procurement authority for cloud services now rests in the hands of individual military departments, providing additional challenges for compliance.

This document can provide insights into how commercial cloud has been used by the department and to better understand how the department views this option.