The Department of Defense (DoD) says it can save money by moving to the cloud, but first it needs to set security requirements that outline the details of this move.
This in contrast to previous information that the DoD had no need for public cloud services. The WHIR previously reported that the Defense Information Systems Agency wasn’t moving forward with a $450 million cloud computing contract due to lack of interest from the DoD.
Congress introduced legislation this week that would allow the DoD to host information with commercial cloud providers. The proposed law is called the Department of Defense Cloud Security Act. The US comptroller general and the CIO of DoD would explore the security requirements.
The DoD outlined its cloud strategy in 2012 in a 44 page document by DoD CIO Teresa Takai.
First on the agenda is examining the current DoD data infrastructure. According to the government security blog post, some intelligence agencies are already using cloud services to store unclassified documents.
The bill was introduced by Rep. Niki Tsongas, D-Mass., and Rep. Derek Kilmer, D-Wash., and would help the DoD establish best practices and find the best vendor for its needs.
“Modern warfare requires modern technology and America must focus on remaining at the forefront of innovation,” Rep. Tsongas said in a statement.
“In order to do so, the DOD must more effectively take advantage of technological advancements, such as cloud technology, but do so in a safe, efficient way. This legislation will allow DOD to take full advantage of the cloud services and best practices from both the government and commercial sector.”
A spokesperson for Rep. Tsongas says that storing data with commercial vendors as other federal agencies have will save the DoD a lot of money and allow for a more secure system.
Eugene Spafford, a Purdue University computer science professor and information security expert, thinks the move could help implement the Federal Risk and Authorization Management Program (FedRAMP) and promote cybersecurity reciprocity between government agencies, according to a report by GovInfoSecurity.