“If we lean towards excessive security requirements that is a problem not just for DEOS, but it’s also a problem for the Defense Department achieving efficiencies associated with cloud at all,” Hermann told Federal News Radio after a June 14 speech in Baltimore. “Fundamentally, it’s about whether the Department of Defense is the sole customer of the offerings versus federal versus the commercial world. If I walk down the aisles here at the conference and I talk to a vendor that offers cloud services what I’ll find out is they’ll offer me email for a dollar a year. It’s very inexpensive and that’s the slick sheet when you talk to some of these marketing folks.”
But for the level of security DoD expects, the cost gets higher.
DISA is only offering DEOS to DoD components; it’s the services’ and agencies’ decision to buy into DEOS or opt out.
“We’re trying to make sure that within the Department of Defense we have sufficient numbers of quantities of users that make this an attractive service for industry to deliver to the Department of Defense. We know the security requirements and we are trying to stay out of our own way and do this once as the Department of Defense as opposed to a lot of different times separately,” Hermann said.
Hermann added that there isn’t a specific number in place that will turn DoD off to a commercial option for DEOS.
Right now DEOS’s requirements document for commercial DEOS is about 80 pages long, Hermann said. DISA is trying to redline the requirements that cannot be achieved by commercial options.
DISA’s goal is to deliver DEOS as a tiered model to the military services and DoD components. The four tiers will offer different types of usage and features of the platform.
That way some components won’t have to buy into services they don’t need.
DISA recently submitted a business case to the Pentagon for the tiered system.
The agency is currently finding an acquisition strategy for DEOS, coordinating a timeline with the components and gathering consumption expectations and cost assessments.
DISA expects to set up DEOS first within the agency once the contract is awarded so it can be tested. Hermann said DISA hopes to set up DEOS in the United States non-secret network in less than a year.
“Our expectation is that it takes approximately six to nine months to accredit and implement the services in a commercial service provider facility. At that point we would begin migration activities of users onto the server, so DISA would be among that first group. We intend to have licensing available for mission partners to make sure they are ready on their end to consume the services and that’s an interesting challenge for them,” Hermann said. “The speed that we can migrate users depending on the requirements that come to us from the services is going to be a key metric for us. We are looking to be sure we can find all the bottle necks that can slow down migration.”
DISA is still a year ahead of schedule in awarding the contract. It plans to award in the first quarter of 2018.