DoD Cloud Exchange 2023: Okta’s Sabrina Lea on the evolution of classified cloud services

The Defense Department reached a major milestone when it awarded the Joint Warfighting Cloud Capability contract vehicle in December 2022.

The contract allows DoD to order commercial cloud services “at the speed of mission, at all classification levels, from headquarters to the tactical edge,” DoD said at the time of award. The JWCC awards went to four of the top cloud infrastructure providers: Amazon Web Services, Google, Microsoft and Oracle.

With the major cloud services deal in place, software as a service companies are now eyeing opportunities to build applications that could work in DoD’s classified environments. But the way forward for those SaaS providers is somewhat murky.

“Anybody who’s trying to build a SaaS product, we all struggle with: How do I build it in the classified regions?” said Sabrina Lea, director of DoD and intelligence community programs at Okta, during Federal News Network’s DoD Cloud Exchange 2023.

Meeting the highest IL requirements

While agencies have adopted cloud services for progressively more sensitive DoD impact levels, which categorize information sensitivity, only a small handful of vendors have developed applications that meet Impact Level 6 requirements for data classified as secret.

That’s despite the increasing demand for SaaS in the commercial sector, with Gartner forecasting $195 billion in worldwide cloud application services spending in 2023.

“It’s a little bit of a chicken and an egg situation,” Lea said. “Because I don’t have a contract that allows me to build in that space. But also, why would they give me a contract, because I don’t have a capability in that space. So, it’s sort of a Catch 22.”

Still, the landscape for classified cloud-based software is evolving rapidly. In January, Microsoft announced its Office 365 suite was being made available to government customers at the secret level.

And in February, the Technology Modernization Fund announced an $11.1 million award for the Treasury Department to bring its classified intelligence-sharing network into the cloud. The project will make Treasury “the first in the Intelligence Community to implement a cloud email productivity software solution.”

“I think it’s the same Catch 22 that cloud service providers faced 10 years ago,” Lea said. “And they’ve solved that. And I think the next horizon is to solve it for us SaaS vendors who run on top of the cloud service providers.”

At the same time, DoD is also looking to move more cloud services to the tactical edge for deployed forces and warfighters — often in austere environments where connectivity can be patchy at best. The Defense Information Systems Agency’s Hosting and Compute Center specifically highlights the expected tactical edge offerings from each of JWCC cloud provider.

Moving toward the tactical edge

Lea said that’s another area where SaaS vendors will likely be investing more in their capabilities.

As an identity company, Okta too must start thinking about making those kind of investments — around interoperating with technologies that work in unique tactical environments, she said.

Lea added that major progress has been made by identity, credentialing and access management (ICAM) vendors over the past several years in coalescing around open standards.

“Now, there are open protocols that allow identity vendors to talk to each other, to really easily integrate, federate, work together,” she said. “That’s really an area where federal systems integrators can shine and where we as vendors can shine by showing how we interoperate and actually build multivendor solutions in this space.”

To read or watch other sessions on demand, go to our 2023 DoD Cloud Exchange event page.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.