DoD’s cloud strategy hung up by budget, contract limitations

As the Defense Information Systems Agency named John Hale its new cloud czar, a recent report from the Defense Department chief information officer states that Hale may face some hefty challenges going forward.

Hale tweeted Oct. 19 that he would be assuming the position. He previously served as DISA’s chief of enterprise applications.

The new position was created by DISA to bring all cloud-related activities into a single portfolio, said Russell Goemaere, a DISA spokesman, in an email to Federal News Radio.

Hale “will work with each cloud effort to ensure they are resourced properly, that they are in-line with overall DoD objectives and meet the needs of our mission partners,” Goemaere said.

The move may be part of DISA’s reorganization prompted by former director Lt. Gen. Ronnie Hawkins. One of the main pillars of the reorganization’s categorization of the agency’s responsibilities is cloud services.

While DISA is reorganizing, however, a report received by Congress in September stated DoD may have trouble figuring out how much contracted cloud services will cost.

As DoD continues to further adopt and integrate the cloud as a means of storing data, the utility billing model on which cloud services are based may cause trouble for department financial teams.

In utility billing models the customer pays each month for the resources used during the monthly billing cycle.

For DoD, however, unpredictable events during the cycle may drive a rapid increase in computing resources and a corresponding increase in unanticipated costs to the department, the report stated.

This causes even more of a problem because DoD cannot authorize payments without a legal obligation of funds.

“Programs need to allocate additional funds beyond those they anticipate using in order to cover any unanticipated use of cloud service,” the report states. “As they get closer to the end of the fiscal year, programs will need to reprogram any unused funding or risk losing those resources.”

Another problem facing cloud adoption is predicting which account to use when paying for the cloud services. IT infrastructure is usually purchased with procurement funding, but since cloud services will be leased from private companies, programs will need to use operations and maintenance funds.

“A program’s mix of O&M and procurement funding may be set years in advance of the need to execute those funds. Under this period of transition from traditional IT to cloud services, it can be a challenge for programs to accurately predict the appropriate mix of O&M and procurement,” the report stated.

DoD also may have a problem establishing contract vehicles that let the department take advantage of ongoing price reductions and the “rapid elasticity” of commercial cloud.

As cloud services become more common, technology becomes cheaper and companies battle for market share, cloud prices have fluctuated. The report stated cloud services contracts need to find and implement mechanisms that let service rates adjust over the life of the program.

Terry Halvorsen, the DoD CIO, is investigating several approaches to solve the problems. One option is to use firm fixed price contracts with economic price adjustments to let DoD take advantage of changing prices.

DoD is considering the use of “not to exceed” limits in contracts to prevent using unallocated funds in the case of a rapid rise in resource usage. The contracts would have alert notifications to warn the department when the bill was nearing its limits.

DoD also is exploring using a working capital fund or revolving fund to pay for cloud services on a monthly basis.

So far, the Pentagon is using at least eight different companies to provide cloud services. Google provides the cloud for the Defense Education Agency’s Learning Management System and Amazon provides services for DISA’s Information Assurance Support Environment.

In recent years, the military has made an effort to host less of its material on its own drives and contract more private companies to provide cloud services.

The goal is to spend less money providing for hardware and constantly upgrading drives. Private companies can procure the best available technology faster than DoD, which needs congressional appropriations.

Halvorsen gave the military services and department components the ability to procure their own cloud services independent of the department last year.

Since then DoD has released a security guide, which aligns DoD cloud security requirements with the Federal Risk and Authorization Management Program (FedRAMP), the standard for federal government cybersecurity for cloud services.

The department assigns more security requirements to companies that want to handle data that requires higher levels of assurance. DoD has cleared 36 companies to provide cloud services for documents at the lowest sensitivity level.

Amazon is the only company currently approved for more sensitive documents.