DoD Cloud Exchange 2023: DISA’s Sharon Woods on JWCC’s launch, customer-centric focus

Beyond the cloud services available from the four JWCC vendors, DISA’s Hosting and Compute Center aims to make hybrid cloud adoption easy through additional c...

The Defense Department’s grand experiment, the Joint Warfighting Cloud Capability, will be put to the test this summer.

After a prolonged protest-laden saga that began in 2017 under the moniker JEDI, the Defense Information Systems Agency will put the “open for business” sign out in front of its virtual JWCC storefront.

The first task orders from the military services and Defense agencies under JWCC are in process and will begin the test of providing centralized, automated and, with hope, easy access to unclassified, secret and eventually top-secret cloud services.

“We’re building acquisition packages with customers right now,” said Sharon Woods, director of DISA’s Hosting and Compute Center, during Federal News Network’s DoD Cloud Exchange 2023. “We have developed a tool too. It’s almost like a wizard where you need a statement of work. You need to define your requirement and your evaluation criteria.”

Woods explained that HACC wanted to do away with manual processes and emailing documents around for JWCC.

“Configuration control is just a nightmare. So we’ve created this almost TurboTax experience just to put the package together, just to get the documents together,” she said. “That’s what we’re doing right now. Folks are getting their funding documents cut.”

After this upfront work to get acquisition packages together and through evaluation process, then task orders will begin to be awarded, Woods said.

HACC plans to make sure all four cloud providers can compete for all task orders, which is different than how DoD initially imagined JWCC would work, she said.

The goal is to award task orders in 60 days or less, with a longer-term goal of 30 days on average to get to award.

“We’ve got to be as creative as possible with JWCC so that we can meet the demand quickly,” Woods said. “While it is an enterprise contract, it allows for decentralized ordering. You do not have to use a contracting officer at DISA in order to place an order off the contract.”

SOURCE: DISA Hosting and Compute Center

HACC is putting together an ordering guide and templates, so that if the Army or a command wants to bring in their own contracting officers, they can do so. The idea here is that this more open

approach will help accommodate customer demand, Woods said. This decentralized approach will also give the services more control and flexibility over their own requirements as they decide which cloud service provider meets their needs best.

Education about JWCC remains top priority

Since DoD awarded JWCC in December to four cloud providers — Amazon Web Services, Google, Microsoft and Oracle — DISA has been getting the contractors up to speed through an onboarding process and educating the services and agencies about available cloud services.

“The four cloud vendors that we have on JWCC are not identical. They have different specialties, and each offers different advantages over another. There’s also different degrees of familiarity within the department with the cloud vendors. So part of what is actually provided under the contract is education and training,” Woods said. “Maybe a customer has less familiarity with one of the cloud vendors, but they’re able to access training and advisory services to help fill that gap.”

Over the last few months, HACC has been conducting a JWCC educational tour, holding dozens of meetings and sessions about the contract vehicle.

“We’re seeing great demand for JWCC, and it’s been fantastic to see. We’re really excited about the demand that we’re seeing,” she said.

Single point of entry for customers

The agency has also created a hybrid cloud broker service to aid services and agencies more directly, whether through JWCC, the Hosting and Compute Center’s own private cloud offering Stratus or just through DISA’s traditional data centers.

The hybrid cloud broker is a single point of entry for customers.

“As an honest broker, we are here to help you understand which environments may be the best in order to meet your requirements. The hybrid cloud broker is 100% customer-centric,” Woods said. “It exists for the customer, and I think there is a human element to that, and then a customer-to-technology element to that.”

From a human perspective, HACC is responding to customers in less than 24 hours — which is one of its commitments. “We are the liaison for them between different technical arms in our organization because how are they supposed to know what engineer to go talk to in order to get more detail,” she said.

What’s more, it’s not uncommon for a would-be customer to have not yet fully defined its requirements. The Hosting and Compute Center can describe what’s available to meet that customer’s specific challenges and help make sense of how to solve its problem.

“I think that is huge and elevates the experience for customers,” Woods said.

The second piece to the hybrid cloud broker offering is a customer relationship management tool. This CRM platform will help HACC better track human-centered interactions instead of information being shared anecdotally.

“By using a CRM, we can aggregate information by customer, by interest in a particular product, by particular issues that keep coming up,” she said. That capability will let the center identify needs and use trends so its teams can assist customers now and also plan for the future, Woods added.

“We’re not just imagining what that is based on a few data points and then moving out,” she said. “We’re connecting with a community of users to see if what we’re projecting does, in fact, make sense for what they’re thinking.”

Emerging set of tools

DISA customers also have access through the broker to several other tools, including the development, security and operations (DevSecOps) platform Vulcan and an infrastructure as code offering.

Woods said both of these initiatives are complimentary so that users can deliver new or upgraded capabilities in six months or less on average.

“A great example of that is infrastructure as code where you can create baselines to set up cloud environments. Rather than taking weeks, if not months, to manually do that, it does get more toward pushing a button and within two to four hours, you have your basic cloud environment up. Now, you can focus on your mission,” she said.

“We developed the baselines, but then there are different capabilities that you can prioritize. Rather than imagining those, we were interacting with our customers and taking their demands into consideration,” Woods continued. “Originally, we did this with two cloud providers. But then we added a third, and we’re in the process of adding a fourth because of the feedback from our customers. We got feedback that not just unclassified was important, but classified infrastructure as code was important as well.”

Woods added the classified version of infrastructure as code should be ready for use later this year. HACC launched the effort about six months or so ago with about a dozen pilot users and is now ready to expand beyond the initial set of participants.

“When you set up the initial cloud environments, you’re getting some of the basic security policies that are necessary. What we’ve done with the project is get those controls that that are part of those security policies pre-accredited and pre-configured. By getting them pre-configured and pre-accredited now, the mission owner is inheriting those controls.”

That way, rather than having to get accreditation for 300-plus controls on their own, a customer can inherit a substantial percentage of those and will only have to focus on what’s unique to its application, Woods said.

“The infrastructure as code is the beginning of an element to a DevSecOps pipeline,” she said. “Infrastructure as code and the idea of that automation, the pre-configuration, the consistency around setting up those environments, are a lot of the basic tenants behind a DevSecOps operation.”

Woods said all of these efforts come back to the simple but complex goal of HACC becoming the cloud provider of choice for the military services and DoD agencies.

By prioritizing the customers and their missions, DISA can help them get out of the traditional mindset and focus on driving capabilities to the warfighter faster and better, she said.

“We have to make it easy to adopt hybrid cloud. I want to make a distinction there. I say ‘hybrid cloud’ because that’s really today’s world of hybrid capabilities. It isn’t just one platform over another, but it’s not enough to develop a capability and just throw it over the fence and say, ‘Hey, here’s hosting and compute, good luck,’” Woods said. “We have to be thinking about the ordering process, the provisioning process and even just how we do technical exchanges and make ourselves available to the customers. For us, best value is prioritizing the customer. It’s providing optionality, and it’s making it easy to adopt hybrid cloud.”

To read or watch other sessions on demand, go to our 2023 DoD Cloud Exchange event page.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Stacy Bostjanick and Jennifer Henderson

    Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

    Read more