Later this year, the Navy will make billions of dollars in awards for the next phase of its Next Generation Enterprise Network contract. But the longer-term future of the Navy’s ashore networks might be determined by a series of smaller, upcoming other transaction authorities.
Next week, the Navy plans to issue three separate problem statements to pave the way for what it’s calling Modern Service Delivery: a cloud-centric concept that posits that its IT users ought to be able to access roughly the same services, whether they’re physically located on a Navy installation or remotely connected via a mobile device.
“Today we have capabilities available to us when we’re on the network, and then a different set when we’re mobile. We want to drive parity for access to services and systems and data, whether we are at work, at home or on the go,” said Andrew Tash, the technical director for the Navy’s Program Executive Office for Enterprise Information Systems (PEO-EIS).
As a starting point for ubiquitous data access, the Navy thinks it needs a new approach to identity and access management. So the first problem statement will ask vendors for an “integrated suite” of identity management capabilities that can work across the service’s systems.
“Identity is the new boundary. It assumes breach and focuses our security in a different place: it focuses on the data, and it focuses on user behavior as opposed to the network boundary,” Tash said. “That’s really the main thrust of our strategy, getting away from tightly-coupled services that force people to be on a network to access them. It’s just users connecting to data and services. It may seem pretty simple, but it removes a lot of silos and bad IT behavior that we’ve grown up with over the past 15 or so years.”
The Navy is already beginning to move some of its largest business IT systems — including its main enterprise resource planning system and some of its personnel databases — into the cloud.
And since its key data assets are already beginning to live in a mixture of on-premises systems and commercial hosting environments, giving location-agnostic access to all the data a particular user might be entitled to isn’t just a matter of creating a secure tunnel to the Navy-Marine Corps Intranet.
So the second problem statement will aim to build out the concept of Network-as-a-Service — a structure that would virtualize the Navy’s networks in the same way cloud computing lets it virtualize its servers.
“If all of our business systems are moving to commercial cloud, then shouldn’t we have the most efficient connectivity to the commercial cloud, to the point where I can do 100 percent of my job from commercial cloud services? So now we’ve got to rethink what the [DoD Information Network] means in that context,” Tash said. “Yes, the data is part of the DoDIN, but how we consume that and how we inter-operate with the rest of the DoD community is up for debate. But we look at the business systems as being the primary opportunity right now to leverage things like network as a service.”
The third task to the IWRP consortium’s members will look for technologies the Navy could use to manage its users’ access to the systems it’s moving to commercial cloud environments.
That approach, called Cloud Access Security Broker (CASB), tries to monitor users’ interaction with cloud services and enforce an organization’s security policies even when they’re connecting directly to the cloud provider from an “off-premises” location like their home or mobile device.
Many of the long-term details of the Navy’s cloud-dependent vision will depend on the final disposition of DoD’s forthcoming Joint Enterprise Defense Infrastructure (JEDI) contract.
The highly contentious solicitation is still tied up in federal court, but in its new cloud computing strategy earlier this month, the Pentagon made clear that it expects the military services and Defense agencies to use JEDI as their primary solution for cloud services.
But Navy officials say they are not waiting for JEDI before beginning some of their major cloud transitions. Navy ERP is the first major application it’s moving to the cloud, but the service is also in the process of consolidating nine separate manpower and personnel databases into a single authoritative data source; it’s looking, for now, to put that information in Amazon Web Services’ GovCloud.
Notionally, the DoD strategy allows the military services to keep their data in non-JEDI clouds, called “fit-for-purpose” clouds, but only by special permission from the DoD CIO.
“Defining what those are will be key as we move forward,” said Ruth Youngs Lew, the Navy’s Program Executive Officer for Enterprise Information Systems. “We have a couple of Navy cloud contracts right now, but those are intermediate steps. Our plan is to fully transition to JEDI at some point in the future, when they get it awarded.”