DoD Cloud Strategy The DoD Cloud Strategy reasserts our commitment to cloud and the need to view cloud initiatives from an enterprise perspective for more effective adoption. It recognizes our experience over the past five years and identifies seven strategic objectives along with guiding principles to set a path forward. It emphasizes mission and tactical edge needs along with the requirement to prepare for artificial intelligence while accounting for protection and efficiencies. The strategy drives implementation toward the enterprise cloud environment, an ecosystem composed of a General Purpose and Fit For Purpose clouds. It focuses implementation activities on two fundamental types of work: first is the stand up of cloud platforms ready to receive data and applications, and second is the ongoing work to migrate existing applications and to develop new applications in the cloud. U.S. Department of DefenseDoD_5e8dcfdc-5d6a-11df-839d-400e7a64ea2aThe Department of Defense (DoD) has entered the modern age of warfighting where the battlefield exists as much in the digital world as it does in the physical. Data and our ability to process data at the ready are differentiators to ensure mission success. Cloud is a fundamental component of the global infrastructure that will empower the warfighter with data and is critical to maintaining our military's technological advantage. WarfightersWarfighters are empowered with data to maintain our military technological advantage_6c2ce580-395b-11ed-9501-22980383ea00To drive implementation toward the enterprise cloud environment_6c2ce6ac-395b-11ed-9501-22980383ea00PrinciplesStrategic Approaches and Guiding Principles ~ DoD requires an extensible and secure cloud environment that spans the homeland to the global tactical edge, as well as the ability to rapidly access computing and storage capacity to address warfighting challenges at the speed of relevance. Technologies such as AI and ML have the potential to fundamentally change the character of war. DoD will embrace an approach that leverages multiple cloud providers who can provide General Purpose and Fit For Purpose clouds. The interoperability of the multi-vendor and multi-cloud environment will be governed by one overarching enterprise cloud strategy. To achieve the objectives outlined above, the Department will pursue a set of guiding principles that will inform future decisions about enterprise clouds: Warfighter First, Cloud Smart-Data Smart, Leveraging Commercial Industry Best Practices, and Creating a Culture Better Suited for Modem Technology Evolution. Warfighter FirstThroughout the Department's transition to commercial cloud services, it needs to continuously test that cloud solutions are built in a manner that never puts the warfighter and his/her mission at risk. This will require the Department to rigorously red team and challenge itself with independent assessments of the cloud environment and to utilize tactical distributed computing. At all times, DoD needs to ensure that cloud is addressing the needs of improving military lethality. By constantly challenging itself around lethality with red teams, DoD can ensure that the cloud will be positioned to support the challenges ofthe global environment. Cloud Smart-Data SmartTo achieve the objectives outlined above, the Department must pursue a Cloud Smart-Data Smart approach. This approach includes: ^^ • Cloud Smart: One cloud strategy to adopt cloud solutions that streamline transformation and embrace modern capabilities for multiple clouds and missions ^^ • Data Smart: Data transparency and visibility enabled by enterprise infrastructure, application standards, and data tagging. ^^ The Department seeks to leverage the decision making advantages on the battlefield enabled by AI and ML. The Department will best take advantage ofthese capabilities by executing this succinct, integrated, and adaptive cloud strategy that encompasses multiple clouds and missions across the entire DoD. Systems/applications can be designed with the cloud in mind to simplify adoption and to allow for integration across the Department. Common data and application standards associated with conducting operations in the cloud, such as data normalization/tagging, transport protocols, and interfaces, will be developed to enable and encourage the adoption of enterprise solutions that navigate DoD away from custom, approaches. These standards, combined with the computing power offered by cloud, will allow the Department to function at a tempo never before seen, making informed, analytical decisions at machine speed.Best PracticesLeverage Commercial Industry Best Practices ~ In addition to Cloud Smart-Data Smart, DoD must leverage commercial industry best practices in its approach. This includes: ^^ • Leveraging commercial technology, capability, and innovation whenever possible ^^ • Maximizing competition to ensure that DoD is getting the best technology and value ^^ • Leverage industry open standards and best practices to avoid lock-in and provide maximum flexibility for future cloud advances ^^ • Independently assessing the services delivered to ensure that the data remains secure. ^^ The Department will leverage critical foundational technologies available in commercial cloud computing and storage, to enable innovation wherever possible, while eliminating considerable technical debt and security risk. DoD is positioning itself to get the best value in today's market of cloud computing capabilities to support warfighting and business requirements and to grow capability as industry evolves. In addition, DoD seeks to maximize competition, not only when awarding the pathfinder General Purpose cloud, but also by ensuring access to a variety of Software as a Service (SaaS) capabilities that are complementary to the General Purpose and Fit For Purpose clouds. The Department must take advantage of the advances that American private industry has made. All of this will be built into commercial pricing structures. IfDoD can adopt this commercial mindset toward cloud computing, it can incorporate commercial industry lessons learned into future architecture decisions. Technology EvolutionCreate a Culture Better Suited for Modern Technology Evolution ~ Finally, through this strategy, the Department seeks to create a culture that is better suited for adaptability and modem technology. This includes: ^^ • Creating an environment where people can innovate iteratively ^^ • Embracing enterprise solutions and navigating away from custom federated approaches ^^ • Creating a sustainable culture and workforce that can effectively use what cloud provides ^^ • Creating a culture that enables continuous learning from our cloud partners. ^^ Iterative innovation is essential for successfully adapting modem technologies in an evolutionary fashion. To achieve this, DoD will embrace the use of leading modem technology quickly and more rapid prototyping ofnew systems. Examples include developing and deploying capabilities for DevSecOps in the cloud environment to securely develop and test software for use in the cloud and using commercial clouds to enable small and medium size companies to more effectively secure Controlled Unclassified Information (CUI). To achieve this innovation and create a culture better suited for adaptability and modem technology, the DoD workforce must change its culture. The Department must develop a cadre of technical professionals, as well as encourage technical proficiency throughout the entire Department. The Department has never built or implemented an enterprise cloud solution and therefore, recognizes the importance offinding a commercial partner to help begin the process of enterprise learning and the development of technical cloud proficiency. GrowthEnable Exponential Growth_6c2ce774-395b-11ed-9501-22980383ea001The pace of data growth is accelerating; in the last two years, the world produced 90% of all existing data. This is a trend that has been going on for a decade, with no end in sight; however, the Department's ability to access all ofthat data when and where it is needed has not evolved at the same pace. Modem computing capabilities can access, retrieve, manipulate, merge, analyze, and visualize data at machine speeds, providing substantial decision making advantages on the battlefield. To adapt to the continuously growing data environment, DoD requires an extensible and secure cloud environment that spans the homeland to the global tactical edge, as well as the ability to rapidly access computing and storage capacity to address warfighting challenges at the speed of relevance. ^^ DoD relies on critical intelligence to make vital national security decisions. The quantity and quality of intelligence information has been the tipping point in numerous conflicts. As the quantity of raw information production increases, so does the struggle to organize, analyze, and distribute that information to make critical decisions. ^^ DoD must continue to maintain its strategic advantage across the globe. In today's world, this cannot be done without laying the critical foundation needed to harness the power ofits own data and information systems. This is the realization of cloud computing: the ability to organize, analyze, secure, scale, and ultimately, capitalize on critical information and fight in the digital age. These capabilities must be ubiquitous and available to all Department decision makers, warfighters, and staff. _6c2ceb52-395b-11ed-9501-22980383ea00ElasticityScale for the Episodic Nature of the DoD Mission_6c2cecd8-395b-11ed-9501-22980383ea002By implementing a scalable solution, mission owners will gain significant efficiencies in the execution of mission capabilities and cyber operations by fully embracing the dynamic elasticity of commercial cloud architecture. The Department's cloud infrastructure will allow for provisioning and deprovisioning of resources automatically. This provides optimum asset utilization when compared to traditional IT infrastructure that is constantly in use, even when demand is minimal. This efficiency will also eventually improve the government's budgeting, billing, and payment practices by providing detailed resource usage reports for all mission owners. This transparency will further drive more efficiencies in the future on how applications are built. ^^ Additionally, the cloud pay-for-use model will provide the flexibility to optimize costs across the IT portfolio and allow DoD to adapt to changing priorities, budgetary conditions, and industry developments. To achieve this cost transparency, strong governance will need to be put in place for how applications are built and data is transmitted and stored. As we develop these standards, implement them, and subsequently learn and better align our services and data to an enterprise solution, we can look to automated tools and techniques to better inform accurate tracking offinancial execution of cloud resources. _6c2cedc8-395b-11ed-9501-22980383ea00Cyber ChallengesProactively Address Cyber Challenges_6c2ceea4-395b-11ed-9501-22980383ea003DoD must create a standard cloud-based cyber architecture that addresses the needs of commercial and internal-based clouds and encompasses infrastructure, applications, and data. This must include the ability to keep the environment "evergreen" in terms ofsecurity and technology. ^^ DoD will produce a unified cybersecurity architecture that addresses cloud and the needs of classified and unclassified missions and data. The capabilities will be tested and assessed independently and frequently to ensure that cybersecurity attributes remain effective against developing threats. ^^ DoD must embrace modern security mechanisms built into modern commercial cloud providers' platforms to ensure the security of these large amounts of data and to safeguard the information. This requires shifting the focus ofsecurity from the perimeter edge of the network to actively controlling use of the data itself. In addition to modern encryption algorithms and key management built into commercial cloud services, proper tagging of data will allow for it to be tracked and protected at the necessary levels. DoD will develop a Data Management Strategy that provides the focused discussion with respect to data. ^^ In addition to DoD data security, each Cloud Service Provider will be integral to combating cyber challenges and securing the cloud. The Cloud Service Providers will automatically scan infrastructure resources and generated logs, which will be used to identify vulnerabilities early and to make intrusion detection and mitigation in near-real time a reality across much ofthe enterprise. With the rise of hardware vulnerabilities, such as Spectre, and increased insider threat, a focus must be applied to both software and hardware- which change at an incredible pace. Keeping up with those changes is difficult, but failure to keep pace has created significant security risks and will only increase in the years to come. Here, again, modern commercial providers have addressed this problem. Moving infrastructure from DoD-managed, on-premises facilities to the cloud will take advantage ofthe rapid roll out ofsoftware and hardware updates. Cloud Service Providers are able to shift workloads within their data centers such that updates are seamless to customers. Hardware with defects or vulnerabilities is constantly swapped out and software patches are applied with vigor in a secure and fault tolerant manner. ^^ Although commercial cloud has many security advantages and opportunities for the Department, the transition to the commercial cloud environment also presents new security challenges. The transition from traditional IT management to the managed cloud service model alters the balance of visibility and control with ease of use, automation, leading edge technology adoption, and optimization of its information domain. The DoD CIO is responsible for defining the security guidelines in the cloud environment. The risk and the responsibility for executing the security in the cloud environment is shared between the Cloud Service Provider(s) and the system owners. DoD CIO will identify the command and control (C2) requirements of the shared cybersecurity responsibility model between DoD and commercial vendors to ensure standard execution of C2 responsibilities for DoD information in commercial cloud. The specific requirements of securing a cloud environment will strain the traditional technical workforce and requires specialized skills where the Department currently has limited expertise. ^^ Historically, information security has been heavily focused on perimeter defense: limiting network access at the boundary. Unfortunately, this model is challenging for a commercial cloud environment where data is being accessed remotely and shared within and between deployments, regions, and from each Cloud Service Provider to other data locations, such as on-premises data centers at military installations. Therefore, the Department will shift its security focus from perimeter defense to securing data and services. This shift will be accomplished first through strong authentication for both people and machines and secure encryption mechanisms both at rest and in transit. In order to facilitate remote access, the DoD cloud environments will supply builtin cryptographic technology that enables organizations to encrypt communications by default. Since the information security responsibility is shared between the Department and its Cloud Service Providers, the Department will include language in all cloud computing contracts directing Cloud Service Providers to monitor their cloud infrastructure and maintain authenticated, encrypted logging of security-relevant events that generate an audit trail and are engineered to be resistant to tampering. To address the workforce strain in adopting these new security postures, the Department will include cloud adoption assistance and specialized training for its workforce as a part ofDoD Cloud Service Provider contracts. _6c2cef80-395b-11ed-9501-22980383ea00AI & DataEnable AI and Data Transparency_6c2cf14c-395b-11ed-9501-22980383ea004DoD must enable decision makers to use modern data analytics, such as Al and machine learning (ML), at the speed of relevance to make time-critical decisions rapidly in the field to support lethality and enhanced operational efficiency. The algorithms used to inform decisions are dependent on the Department's data and information being organized, secure, and visible in a common environment. An environment where data is stored in a multitude of disparate and disjointed stove pipes reduces the efficiency and tempo ofthe Department. To maximize the utility ofcloud computing technologies, data must be managed properly and follow modern technologies like data lakes and data hubs, which are accelerated and amplified by cloud technology. ^^ Data stored in an enterprise DoD cloud will be highly available, well-governed, and secure. Data will be the fuel that powers those advanced technologies, such as ML and AL This critical decision making data will be made available through modem cloud networking, access control, and cross domain solutions to those who require access. Common data standards will be a key part of the Department's methodology for tagging, storing, accessing, and processing information. Ensuring an enterprise cloud environment will increase the transparency ofthis data, and drive the velocity of data analysis, processing, and decision making. Leveraging advances in commercial cloud security technologies will ensure the Department's information is protected at the appropriate level. ^^ Commercial cloud provides the ability to scale and secure both the collection and the analysis of data stored in an enterprise DoD cloud. This gives mission owners the capability to make decisions with the most relevant information. The distributed nature of cloud computing allows for a more flexible execution environment while simultaneously providing increased information security. This allows for scaling and distributing data repository stores while maintaining security posture and providing new opportunities to obtain mission insights through data collaboration. Similarly, the computing power required for analysis of massive amounts of data can be scaled seamlessly in seconds. This ability to scale will ensure that mission execution is not hindered by insufficient computing and storage capacity and enable the creation of new information models that were previously unachievable. _6c2cf250-395b-11ed-9501-22980383ea00Tactical SupportExtend Tactical Support for the Warfighter at the Edge_6c2cf34a-395b-11ed-9501-22980383ea005WarfightersThe DoD cloud environment will serve mission owners in every environment, across the range ofmilitary operations, from the tactical edge to the home front, both CONUS and OCONUS, and at all classification levels and disseminations (e.g., NOFORN and REL). We must embrace computing solutions that enable warfighters in their environment versus forcing them to conform to the current environment ofsiloed data and legacy applications. The integration and operation of computing solutions will be straightforward and repeatable, regardless of the required classification level of the system. This will allow warfighters to make data driven decisions and enhance DoD ability to share data with allies and operate as a coalition force. The security of the classified environments will support the level demanded by mission requirements. ^^ Industry has made huge strides in disconnected operations. The Department's General Purpose and Fit For Purpose clouds will capitalize on these efforts to provide the warfighter with the latest technology where they need it and when they need it regardless of the environment. Cloud devices employed by warfighters at the tactical edge will be ruggedized and adaptable, providing for automatic synchronization to the greater cloud once communication is sufficient or reestablished. While certain DoD programs are not immediately amenable to migration to the cloud, some ofthese sytems may ultimately be bridged to the cloud, while others may be addressed through separate non-cloud solutions. But overall, this auto synchronization of information will ensure warfighters are retaining data, feeding it back into models, and fighting with the most recent algorithms. Doing this in a secure environment will be a force multiplier and directly support the primary goal of the cloud environment: information superiority. _6c2cf444-395b-11ed-9501-22980383ea00ResiliencyTake Advantage of Resiliency in the Cloud_6c2cf552-395b-11ed-9501-22980383ea006Enterprise cloud allows for continuity of operations and efficient failover in times of crisis and operational disruption. Cloud computing is a key component in overcoming these challenges and ensuring comprehensive mission execution, due to its distributed, scalable, and redundant nature. Executing this cloud strategy will incorporate standard approaches to leveraging cloud for this mission resiliency. The enterprise cloud will offer support for failover in times ofinfrastructure degradation as well as recovery from operational outages and significant cyber incidents. ^^ The distributed, redundant nature of cloud computing overcomes another cyber challenge with its ability to failover in times of crisis. Our commercial cloud solutions will use advances in technology to automate failover, solving a major deficiency throughout the Department. DoD will only be able to ensure continuity of operations for digital services. We will accomplish this by taking advantage of multi-region and multi-availability zone (AZ) architecture, which exists natively within major cloud providers, and pairing this with the effective deployment of secure Cloud Access Points (CAPs) to cloud-based cybersecurity solutions for increased resilience. DoD cloud architectures will allow for workloads to shift from one AZ or region to another, within a single cloud provider, nearly instantaneously upon detection ofthe failure of a primary data center. This will be vital in the case ofhuman-made or natural destruction of a large geographic area. The configuration of automated failover is not itself automatic. To fully achieve this capability, applications will need to be re-architected for the cloud. This will allow the Department to bypass the cost and manual effort currently required for the Department to maintain multiple instances of the same data across cloud providers or on-premises data centers, which does not provide the same level offailover as that provided by commercial cloud. _6c2cf656-395b-11ed-9501-22980383ea00IT ReformDrive IT Reform at DoD_6c2cf75a-395b-11ed-9501-22980383ea007The cloud will allow DoD to further consolidate its sprawling data center assets. The Department still has an opportunity to further rationalize and has done significant work to rationalize and reduce data centers. The cloud will provide an opportunity to accelerate and extend those consolidation opportunities, as well as the opportunity to deliver integrated Defensive Cyber Operations (DCO) and achieve efficiencies through rapid deployment of common services. An enterprise cloud perspective will enable more centralized cloud management and a broader availability of security service options for wider cloud adoption by DoD to include those DoD Components with smaller implementation staff. _6c2cf87c-395b-11ed-9501-22980383ea002018-12-312022-09-20https://media.defense.gov/2019/Feb/04/2002085866/-1/-1/1/DOD-CLOUD-STRATEGY.PDFOwenAmburOwen.Ambur@verizon.net