Navy CIO says the service is 'on the cusp' of CAC-less cloud access

The Navy has big plans to improve personnel's workflows from progress on rolling out Microsoft Office 365 to developing a solution that allows for secure access without a common access card.

"We are in the midst of deploying Flank Speed, which is the Office 365 and Azure Cloud capability, across the Navy. The Marine Corps has already done their chunk. They're there. The Navy is about halfway through it," Navy CIO Aaron Weis said during a March 23 virtual event hosted by Federal News Network. 

The Navy has been deploying Office 365 across the Defense Department's unclassified network, NIPRNet, to about 240,000 endpoints of approximately 470,000 – a milestone that Weis said brings the service's tech capabilities closer to present day. 

"I got my first mobile device, iPhone, with Office 365 on it. I had Microsoft Outlook and and Teams and whatnot on a device and it was tied in with a OneDrive and cloud based storage. 

And I looked up at one of the folks in my office and said, 'Hey, we're at 2017 – this is cool, right?"

Weis said that while the Navy has crossed the halfway point in its migration there are still challenges with network infrastructure. 

"What we're gated by is back to that network and transport. We could deploy Office 365 much more rapidly, but the experience would be awful, especially when you get to the OCONUS locations," he said. 

"[Indo-Pacific Command], Hawaii, Guam – their core infrastructure isn't ready to sustain that. So, you know, in many cases it's how do you stitch these things together, understanding the critical path and knowing that you know, you're going to get there without kind of killing the workforce along the way. And we need to make sure that that doesn't happen."

Identity management and ditching the CAC

The Navy is working diligently to modernize its architecture as quickly as possible, while being mindful of all of the moving pieces that come with large-scale infrastructure shifts, the CIO said. 

Weis said the service is "on the cusp" of broadly deploying Microsoft Azure's virtual desktop with multi-factor and CAC-less authentication. 

"In fact, I'm at home. And so I'm doing this [interview] over my personal MacBook Air," Weis said. "But 15 minutes before this call I was on my Azure virtual desktop on the same machine that I authenticated through multi-factor authentication CAC-less and was interacting with my [Windows 10] desktop in real time."

The capability, which he said is being tested by several hundred users testing the virtual desktop infrastructure, has the potential to deploy to basically anyone with "a barely viable endpoint." But there's a catch. 

"While you don't need a CAC to access it, you do need your certificate to be able to access encrypted things, to be able to log in to a website that you know wants CAC-based authentication. So there's a solution for that. It's happening," Weis said. 

"We're working it with [the Defense Information Systems Agency] and we are very close to being able to deploy that. So that even though you're logged in with [multi-factor authentication], CAC-less authentication, I can still present my certificate and access an encrypted email." 

The Navy is also developing a solution with its Program Executive Office Digital that allows secure access to applications on the Defense Department's Information Network (DODIN).

"So for example, if there is an on-prem system or application, I will be able to access that from my Azure virtual desktop as though I was physically sitting on the DODIN," Weis said.

The plan is to have access from virtually any device. 

"Our first focus is actually to go replace the existing [on-premises] VDIs that we have," Weis said. "What we have to do is come up with how could we roll this out more broadly, what's its place, how are we going to pay for it…all that stuff."