Look to DoD for a New Cloud DefenseCreating a More Defensible Cloud-Computing Architecture
Building security into IT architecture is one of the best ways experts say systems and data can be safeguarded. And, that's how many see how cloud computing can be made secure as organizations architect IT systems of the future.
Take a look at what's happening at the Defense Department, which is taking a security-centric approach in developing its next generation IT architecture.
At a House Armed Services Subcommittee on Emerging Threats And Capabilities hearing this past week on President Obama's $37 billion Defense Department IT budget request, which includes $3.4 billion for cybersecurity, NSA Director Keith Alexander testified that the Defense Department's existing information systems architecture was not built with security uppermost in mind. Instead, he said, DoD has 7 million networked devices in 15,000 network enclaves.
"Our vision is to fashion that architecture into an operational platform, not just a channel for communications and a place for data storage," said Alexander, a four-star Army general who also serves as the military's Cyber Command commander.
To do so, Alexander said, components of DoD's cyber enterprise - its chief information officers, Defense Information Systems Agency and Cyber Command - are collaborating to build a common cloud infrastructure across the department and military services that will be more secure and efficient - and ultimately less costly in an era of diminishing resources - than what it offers today.
More Defensible Architecture
"The IT infrastructure of the future - the STIn (Security Technical Implementation) virtual cloud environment - will make it a much more defensible architecture," he said. "I think that's the key to the future."
To be clear, DoD leaders aren't necessarily talking about the public cloud or even a private cloud operated by a cloud provider. The department is moving to a cloud architecture as part of its data center consolidation initiative that over the coming years will reduce significantly the number of data centers from the 770 it operated last year. By the end of September, the end of fiscal year 2012, DoD should be operating 115 fewer data centers.
What's important here is the concept of the cloud architecture itself, something that could prove useful and secure for various cloud computing offerings as all types of organizations migrate to the cloud.
Defense CIO Teresa Takai explained at the hearing that developing an IT cloud architecture means that the department will be employing multiple clouds, and that its various components will be able to learn from one another on how best to deploy secure clouds.
"We'll be looking at what services are going to be provided by each one of the military services, and the way they're moving to their own cloud," she told lawmakers. "Then, we'll be looking at an enterprise cloud to provide services like identity management, enterprise e-mail, some of those things we need across the department from an information sharing standpoint."
Even a cloud architecture designed with security in mind isn't bulletproof. Breaches will occur, Takai said, but a security approach can help minimize the damage. Takai said the department will employ a two-prong approach - securing the perimeter as well as the data - as information and services are moved to standardized cloud computing platforms. "We're going to be able to better protect as we get more standardized," Takai said.
"We need to be able to protect at the information level," she said. "That is why we're focusing very much on identity management so we know who is in the cloud. And, we're also linking that to what information that particular individual has access. It's really both of those (approaches) that give us assurance so that as we move to that kind of an architecture, we will be able to better protect our information."