DISA to take over defense cloud implementation

The Defense Information Systems Agency is taking over the department's cloud office by the end of January, the agency's director said.

Vice Adm. Nancy Norton, who heads DISA and commander of the Joint Force Headquarters Department of Defense Information Network (JFHQ-DODIN), said the Cloud Computing Program Office will be completely absorbed into DISA.

"It really pulls together the rest of the cloud strategy that DISA becomes the implementation arm for the DOD CIO's cloud strategy. And whether that's a general purpose cloud or a fit for purpose cloud, all of those offerings are available through DISA," Norton said during a virtual keynote presentation with AFCEA NOVA on Jan. 7.

Control of the CCPO, which is responsible for the JEDI and other cloud efforts, has been under split with DISA having administrative control and the DOD CIO having operational control.

The move comes as DISA works to position itself as the IT provider for defense agencies and field activities, bringing them onto a common infrastructure and providing contract vehicles, such as the $11.7 billion Defense Enclave Services award, for common services.

"I think there's a lot of gains to be made across the Fourth Estate in more standardization and common use of enterprise solutions," Norton said. "I don't want them spending their time, energy, and money on something that is not their core mission if they can get it from us."

DISA has also been working with DOD components and the military services on transitioning to Microsoft Office 365, building a special tenant for the Fourth Estate under the Defense Enterprise Office Solutions contract. Norton said each of the services will build their own tenant that may or may not be under the DEOS contract. However DISA is working with them on a common authentication solution for improved cybersecurity.

On the security front, Norton said there are more than a billion cyber events on DOD's networks a month and that DISA is working on a framework for zero trust implementation that focuses on microsegmentation.

"The most recent activity that we've been working on is putting out our zero trust reference architecture 1.0. So this is going to be an evolving architecture," she said, "but very much a framework that recognizes the need for microsegmentation and how we can incorporate the technologies and capabilities that we have today in our IT infrastructure into those zero trust principles."