A new guide from the Defense Information Systems Agency explains what needs to be done if the Defense Department is going to get the best bang for its buck using cloud computing services.
The DISA guide points out the best practices for a DOD project manager who is procuring any type of cloud structure. It covers things like the differences between public, private and hybrid clouds; the delineation between infrastructure-as-a-service, platform-as-a-service and software-as-a-service; and who is responsible for the security in each of those stacks, and what levels of security are needed to hold various types of DOD data.
It also branches into more technical details, including what needs to be done to set up appropriate IP requirements, how various servers can be deployed in a virtual machine and what actions can be taken if a section of a cloud system is down for a certain amount of time.
The recently released document is different from what DISA normally releases regarding cloud. The agency is typically concerned with various security requirements and the ways different DOD mission offices can procure the right cloud for their missions.
Earlier this year, DISA released a guide tied exclusively to security, laying out how cloud service providers must go through different security checks before they can handle DOD data.
DOD Chief Information Officer Terry Halvorsen has a point to move toward the cloud, hoping to save billions from the $40 billion allotted in the Pentagon’s IT budget.
Read the full DISA guide below.