DoD Cloud Strategy The DoD Cloud Strategy reasserts our commitment to cloud and the need to view cloudinitiatives from an enterprise perspective for more effective adoption. It recognizes ourexperience over the past five years and identifies seven strategic objectives along with guidingprinciples to set a path forward. It emphasizes mission and tactical edge needs along with therequirement to prepare for artificial intelligence while accounting for protection and efficiencies.The strategy drives implementation toward the enterprise cloud environment, anecosystem composed of a General Purpose and Fit For Purpose clouds. It focusesimplementation activities on two fundamental types of work: first is the stand up of cloudplatforms ready to receive data and applications, and second is the ongoing work to migrateexisting applications and to develop new applications in the cloud. U.S. Department of DefenseDoD_5e8dcfdc-5d6a-11df-839d-400e7a64ea2aThe Department of Defense (DoD) has entered the modern age of warfighting where thebattlefield exists as much in the digital world as it does in the physical. Data and our ability toprocess data at the ready are differentiators to ensure mission success. Cloud is a fundamentalcomponent of the global infrastructure that will empower the warfighter with data and is criticalto maintaining our military's technological advantage. WarfightersWarfighters are empowered with data to maintain our military technological advantage_65b5976a-395b-11ed-80cc-02970383ea00To drive implementation toward the enterprise cloud environment_65b59940-395b-11ed-80cc-02970383ea00PrinciplesStrategic Approaches and Guiding Principles ~ DoD requires an extensible and secure cloud environment that spans the homeland to theglobal tactical edge, as well as the ability to rapidly access computing and storage capacity toaddress warfighting challenges at the speed of relevance. Technologies such as AI and ML havethe potential to fundamentally change the character of war. DoD will embrace an approach thatleverages multiple cloud providers who can provide General Purpose and Fit For Purpose clouds.The interoperability of the multi-vendor and multi-cloud environment will be governed by oneoverarching enterprise cloud strategy. To achieve the objectives outlined above, the Departmentwill pursue a set of guiding principles that will inform future decisions about enterprise clouds:Warfighter First, Cloud Smart-Data Smart, Leveraging Commercial Industry Best Practices, andCreating a Culture Better Suited for Modem Technology Evolution. Warfighter FirstThroughout the Department's transition to commercial cloud services, it needs tocontinuously test that cloud solutions are built in a manner that never puts the warfighter andhis/her mission at risk. This will require the Department to rigorously red team and challenge itselfwith independent assessments of the cloud environment and to utilize tactical distributedcomputing. At all times, DoD needs to ensure that cloud is addressing the needs of improvingmilitary lethality. By constantly challenging itself around lethality with red teams, DoD can ensurethat the cloud will be positioned to support the challenges ofthe global environment. Cloud Smart-Data SmartTo achieve the objectives outlined above, the Department must pursue a Cloud Smart-DataSmart approach. This approach includes:^^• Cloud Smart: One cloud strategy to adopt cloud solutions that streamline transformationand embrace modern capabilities for multiple clouds and missions^^• Data Smart: Data transparency and visibility enabled by enterprise infrastructure,application standards, and data tagging.^^The Department seeks to leverage the decision making advantages on the battlefieldenabled by AI and ML. The Department will best take advantage ofthese capabilities by executingthis succinct, integrated, and adaptive cloud strategy that encompasses multiple clouds andmissions across the entire DoD. Systems/applications can be designed with the cloud in mind tosimplify adoption and to allow for integration across the Department. Common data andapplication standards associated with conducting operations in the cloud, such as datanormalization/tagging, transport protocols, and interfaces, will be developed to enable andencourage the adoption of enterprise solutions that navigate DoD away from custom, approaches.These standards, combined with the computing power offered by cloud, will allow the Departmentto function at a tempo never before seen, making informed, analytical decisions at machine speed.Best PracticesLeverage Commercial Industry Best Practices ~ In addition to Cloud Smart-Data Smart, DoD must leverage commercial industry bestpractices in its approach. This includes:^^• Leveraging commercial technology, capability, and innovation whenever possible^^• Maximizing competition to ensure that DoD is getting the best technology and value^^• Leverage industry open standards and best practices to avoid lock-in and providemaximum flexibility for future cloud advances^^• Independently assessing the services delivered to ensure that the data remains secure.^^The Department will leverage critical foundational technologies available in commercialcloud computing and storage, to enable innovation wherever possible, while eliminatingconsiderable technical debt and security risk. DoD is positioning itself to get the best value intoday's market of cloud computing capabilities to support warfighting and business requirementsand to grow capability as industry evolves. In addition, DoD seeks to maximize competition, notonly when awarding the pathfinder General Purpose cloud, but also by ensuring access to a varietyof Software as a Service (SaaS) capabilities that are complementary to the General Purpose andFit For Purpose clouds. The Department must take advantage of the advances that Americanprivate industry has made. All of this will be built into commercial pricing structures. IfDoD canadopt this commercial mindset toward cloud computing, it can incorporate commercial industrylessons learned into future architecture decisions. Technology EvolutionCreate a Culture Better Suited for Modern Technology Evolution ~ Finally, through this strategy, the Department seeks to create a culture that is better suitedfor adaptability and modem technology. This includes:^^• Creating an environment where people can innovate iteratively^^• Embracing enterprise solutions and navigating away from custom federated approaches^^• Creating a sustainable culture and workforce that can effectively use what cloud provides^^• Creating a culture that enables continuous learning from our cloud partners.^^Iterative innovation is essential for successfully adapting modem technologies in anevolutionary fashion. To achieve this, DoD will embrace the use of leading modem technologyquickly and more rapid prototyping ofnew systems. Examples include developing and deployingcapabilities for DevSecOps in the cloud environment to securely develop and test software for usein the cloud and using commercial clouds to enable small and medium size companies to moreeffectively secure Controlled Unclassified Information (CUI). To achieve this innovation andcreate a culture better suited for adaptability and modem technology, the DoD workforce mustchange its culture. The Department must develop a cadre of technical professionals, as well asencourage technical proficiency throughout the entire Department. The Department has never builtor implemented an enterprise cloud solution and therefore, recognizes the importance offinding acommercial partner to help begin the process of enterprise learning and the development oftechnical cloud proficiency. GrowthEnable Exponential Growth_65b59b66-395b-11ed-80cc-02970383ea001The pace of data growth is accelerating; in the last two years, the world produced 90% ofall existing data. This is a trend that has been going on for a decade, with no end in sight; however,the Department's ability to access all ofthat data when and where it is needed has not evolved atthe same pace. Modem computing capabilities can access, retrieve, manipulate, merge, analyze,and visualize data at machine speeds, providing substantial decision making advantages on thebattlefield. To adapt to the continuously growing data environment, DoD requires an extensibleand secure cloud environment that spans the homeland to the global tactical edge, as well as theability to rapidly access computing and storage capacity to address warfighting challenges at thespeed of relevance.^^DoD relies on critical intelligence to make vital national security decisions. The quantityand quality of intelligence information has been the tipping point in numerous conflicts. As thequantity of raw information production increases, so does the struggle to organize, analyze, anddistribute that information to make critical decisions.^^DoD must continue to maintain its strategic advantage across the globe. In today's world,this cannot be done without laying the critical foundation needed to harness the power ofits owndata and information systems. This is the realization of cloud computing: the ability to organize,analyze, secure, scale, and ultimately, capitalize on critical information and fight in the digital age.These capabilities must be ubiquitous and available to all Department decision makers,warfighters, and staff. _65b59d1e-395b-11ed-80cc-02970383ea00ElasticityScale for the Episodic Nature of the DoD Mission_65b59e54-395b-11ed-80cc-02970383ea002By implementing a scalable solution, mission owners will gain significant efficiencies inthe execution of mission capabilities and cyber operations by fully embracing the dynamicelasticity of commercial cloud architecture. The Department's cloud infrastructure will allow forprovisioning and deprovisioning of resources automatically. This provides optimum asset utilization when compared to traditional IT infrastructure that is constantly in use, even whendemand is minimal. This efficiency will also eventually improve the government's budgeting,billing, and payment practices by providing detailed resource usage reports for all mission owners.This transparency will further drive more efficiencies in the future on how applications are built.^^Additionally, the cloud pay-for-use model will provide the flexibility to optimize costsacross the IT portfolio and allow DoD to adapt to changing priorities, budgetary conditions, andindustry developments. To achieve this cost transparency, strong governance will need to be putin place for how applications are built and data is transmitted and stored. As we develop thesestandards, implement them, and subsequently learn and better align our services and data to anenterprise solution, we can look to automated tools and techniques to better inform accuratetracking offinancial execution of cloud resources. _65b59f8a-395b-11ed-80cc-02970383ea00Cyber ChallengesProactively Address Cyber Challenges_65b5a0ca-395b-11ed-80cc-02970383ea003DoD must create a standard cloud-based cyber architecture that addresses the needs ofcommercial and internal-based clouds and encompasses infrastructure, applications, and data. Thismust include the ability to keep the environment "evergreen" in terms ofsecurity and technology.^^DoD will produce a unified cybersecurity architecture that addresses cloud and the needsof classified and unclassified missions and data. The capabilities will be tested and assessedindependently and frequently to ensure that cybersecurity attributes remain effective againstdeveloping threats.^^DoD must embrace modern security mechanisms built into modern commercial cloudproviders' platforms to ensure the security of these large amounts of data and to safeguard theinformation. This requires shifting the focus ofsecurity from the perimeter edge of the network toactively controlling use of the data itself. In addition to modern encryption algorithms and keymanagement built into commercial cloud services, proper tagging of data will allow for it to betracked and protected at the necessary levels. DoD will develop a Data Management Strategy thatprovides the focused discussion with respect to data.^^In addition to DoD data security, each Cloud Service Provider will be integral to combatingcyber challenges and securing the cloud. The Cloud Service Providers will automatically scaninfrastructure resources and generated logs, which will be used to identify vulnerabilities early andto make intrusion detection and mitigation in near-real time a reality across much ofthe enterprise.With the rise of hardware vulnerabilities, such as Spectre, and increased insider threat, a focusmust be applied to both software and hardware- which change at an incredible pace. Keeping upwith those changes is difficult, but failure to keep pace has created significant security risks andwill only increase in the years to come. Here, again, modern commercial providers have addressedthis problem. Moving infrastructure from DoD-managed, on-premises facilities to the cloud willtake advantage ofthe rapid roll out ofsoftware and hardware updates. Cloud Service Providers areable to shift workloads within their data centers such that updates are seamless to customers.Hardware with defects or vulnerabilities is constantly swapped out and software patches areapplied with vigor in a secure and fault tolerant manner.^^Although commercial cloud has many security advantages and opportunities for theDepartment, the transition to the commercial cloud environment also presents new securitychallenges. The transition from traditional IT management to the managed cloud service modelalters the balance of visibility and control with ease of use, automation, leading edge technology adoption, and optimization of its information domain. The DoD CIO is responsible for definingthe security guidelines in the cloud environment. The risk and the responsibility for executing thesecurity in the cloud environment is shared between the Cloud Service Provider(s) and the systemowners. DoD CIO will identify the command and control (C2) requirements of the sharedcybersecurity responsibility model between DoD and commercial vendors to ensure standardexecution of C2 responsibilities for DoD information in commercial cloud. The specificrequirements of securing a cloud environment will strain the traditional technical workforce andrequires specialized skills where the Department currently has limited expertise.^^Historically, information security has been heavily focused on perimeter defense: limitingnetwork access at the boundary. Unfortunately, this model is challenging for a commercial cloudenvironment where data is being accessed remotely and shared within and between deployments,regions, and from each Cloud Service Provider to other data locations, such as on-premises datacenters at military installations. Therefore, the Department will shift its security focus fromperimeter defense to securing data and services. This shift will be accomplished first throughstrong authentication for both people and machines and secure encryption mechanisms both at restand in transit. In order to facilitate remote access, the DoD cloud environments will supply builtin cryptographic technology that enables organizations to encrypt communications by default.Since the information security responsibility is shared between the Department and its CloudService Providers, the Department will include language in all cloud computing contracts directingCloud Service Providers to monitor their cloud infrastructure and maintain authenticated,encrypted logging of security-relevant events that generate an audit trail and are engineered to beresistant to tampering. To address the workforce strain in adopting these new security postures,the Department will include cloud adoption assistance and specialized training for its workforceas a part ofDoD Cloud Service Provider contracts. _65b5a20a-395b-11ed-80cc-02970383ea00AI & DataEnable AI and Data Transparency_65b5a354-395b-11ed-80cc-02970383ea004DoD must enable decision makers to use modern data analytics, such as Al and machinelearning (ML), at the speed of relevance to make time-critical decisions rapidly in the field tosupport lethality and enhanced operational efficiency. The algorithms used to inform decisions aredependent on the Department's data and information being organized, secure, and visible in acommon environment. An environment where data is stored in a multitude of disparate anddisjointed stove pipes reduces the efficiency and tempo ofthe Department. To maximize the utilityofcloud computing technologies, data must be managed properly and follow modern technologieslike data lakes and data hubs, which are accelerated and amplified by cloud technology.^^Data stored in an enterprise DoD cloud will be highly available, well-governed, and secure.Data will be the fuel that powers those advanced technologies, such as ML and AL This criticaldecision making data will be made available through modem cloud networking, access control,and cross domain solutions to those who require access. Common data standards will be a key partof the Department's methodology for tagging, storing, accessing, and processing information.Ensuring an enterprise cloud environment will increase the transparency ofthis data, and drive thevelocity of data analysis, processing, and decision making. Leveraging advances in commercialcloud security technologies will ensure the Department's information is protected at theappropriate level.^^Commercial cloud provides the ability to scale and secure both the collection and theanalysis of data stored in an enterprise DoD cloud. This gives mission owners the capability to make decisions with the most relevant information. The distributed nature of cloud computingallows for a more flexible execution environment while simultaneously providing increasedinformation security. This allows for scaling and distributing data repository stores whilemaintaining security posture and providing new opportunities to obtain mission insights throughdata collaboration. Similarly, the computing power required for analysis of massive amounts ofdata can be scaled seamlessly in seconds. This ability to scale will ensure that mission executionis not hindered by insufficient computing and storage capacity and enable the creation of newinformation models that were previously unachievable. _65b5a4c6-395b-11ed-80cc-02970383ea00Tactical SupportExtend Tactical Support for the Warfighter at the Edge_65b5a61a-395b-11ed-80cc-02970383ea005WarfightersThe DoD cloud environment will serve mission owners in every environment, across therange ofmilitary operations, from the tactical edge to the home front, both CONUS and OCONUS,and at all classification levels and disseminations (e.g., NOFORN and REL). We must embracecomputing solutions that enable warfighters in their environment versus forcing them to conformto the current environment ofsiloed data and legacy applications. The integration and operation ofcomputing solutions will be straightforward and repeatable, regardless of the requiredclassification level of the system. This will allow warfighters to make data driven decisions andenhance DoD ability to share data with allies and operate as a coalition force. The security of theclassified environments will support the level demanded by mission requirements.^^Industry has made huge strides in disconnected operations. The Department's GeneralPurpose and Fit For Purpose clouds will capitalize on these efforts to provide the warfighter withthe latest technology where they need it and when they need it regardless of the environment.Cloud devices employed by warfighters at the tactical edge will be ruggedized and adaptable,providing for automatic synchronization to the greater cloud once communication is sufficient orreestablished. While certain DoD programs are not immediately amenable to migration to thecloud, some ofthese sytems may ultimately be bridged to the cloud, while others may be addressedthrough separate non-cloud solutions. But overall, this auto synchronization of information willensure warfighters are retaining data, feeding it back into models, and fighting with the most recentalgorithms. Doing this in a secure environment will be a force multiplier and directly support theprimary goal of the cloud environment: information superiority. _65b5a778-395b-11ed-80cc-02970383ea00ResiliencyTake Advantage of Resiliency in the Cloud_65b5a8f4-395b-11ed-80cc-02970383ea006Enterprise cloud allows for continuity of operations and efficient failover in times of crisisand operational disruption. Cloud computing is a key component in overcoming these challengesand ensuring comprehensive mission execution, due to its distributed, scalable, and redundantnature. Executing this cloud strategy will incorporate standard approaches to leveraging cloud forthis mission resiliency. The enterprise cloud will offer support for failover in times ofinfrastructuredegradation as well as recovery from operational outages and significant cyber incidents.^^The distributed, redundant nature of cloud computing overcomes another cyber challengewith its ability to failover in times of crisis. Our commercial cloud solutions will use advances intechnology to automate failover, solving a major deficiency throughout the Department. DoD willonly be able to ensure continuity of operations for digital services. We will accomplish this bytaking advantage of multi-region and multi-availability zone (AZ) architecture, which existsnatively within major cloud providers, and pairing this with the effective deployment of secure Cloud Access Points (CAPs) to cloud-based cybersecurity solutions for increased resilience. DoDcloud architectures will allow for workloads to shift from one AZ or region to another, within asingle cloud provider, nearly instantaneously upon detection ofthe failure of a primary data center.This will be vital in the case ofhuman-made or natural destruction of a large geographic area. Theconfiguration of automated failover is not itself automatic. To fully achieve this capability,applications will need to be re-architected for the cloud. This will allow the Department to bypassthe cost and manual effort currently required for the Department to maintain multiple instances ofthe same data across cloud providers or on-premises data centers, which does not provide the samelevel offailover as that provided by commercial cloud. _65b5ab56-395b-11ed-80cc-02970383ea00IT ReformDrive IT Reform at DoD_65b5acc8-395b-11ed-80cc-02970383ea007The cloud will allow DoD to further consolidate its sprawling data center assets. TheDepartment still has an opportunity to further rationalize and has done significant work torationalize and reduce data centers. The cloud will provide an opportunity to accelerate and extendthose consolidation opportunities, as well as the opportunity to deliver integrated Defensive CyberOperations (DCO) and achieve efficiencies through rapid deployment of common services. Anenterprise cloud perspective will enable more centralized cloud management and a broaderavailability of security service options for wider cloud adoption by DoD to include those DoDComponents with smaller implementation staff. _65b5ae3a-395b-11ed-80cc-02970383ea002018-12-312022-09-20https://media.defense.gov/2019/Feb/04/2002085866/-1/-1/1/DOD-CLOUD-STRATEGY.PDFOwenAmburOwen.Ambur@verizon.net