For the last few weeks, the federal IT industry has been trying to decipher the 18-page “DOD Cloud Strategy”. It is dated December 2018 but was posted online this month.
Among the initial reactions:
1. It seems to basically ratify the approach into which the Defense Department has deeply tread. It justifies the still-to-be-awarded Joint Enterprise Defense Infrastructure (JEDI) contact and the upcoming Defense Enterprise Office Solution (DEO) deal. Those are what the policy calls the “General Purpose” and “Fit for Purpose” clouds.
2. If contractors are looking for cloud opportunities, you don’t find much. On initial reading, it feels like software and services companies would be trying to compete with the equivalent of Lockheed, Boeing, and Northrop-Grumman for prime contracts to build airplanes.
Both reactions, though, ignore a lot of what’s actually in the strategy. In reality, it would be a mistake to write the strategy off as signifying no opportunity. To continue with the airplane analogy: The F-35 has 300,000 parts. How many does Lockheed personally make?
In my opinion, the Strategy calls out for a robust ecosystem of suppliers to support the DOD cloud effort.
But first things first. Neither DEOS nor JEDI is awarded, the latter being tied up in court for its second protest. In the meantime, military agencies are moving ahead with cloud plans. For example, the Navy is contemplating a series of contracts for re-architecting and virtualizing its networks for greater security, service delivery and hosting portability. The Air Force has been rationalizing applications and recoding the remaining ones (which still number in the thousands) to accommodate cloud hosting.
So to put it bluntly, until JEDI and DEOS are awards, make hay while the sun shines.
As for the policy itself, Section 1 includes a litany of weaknesses the department has. It needs more still in data analysis artificial intelligence. It has countless systems that are not cloud-ready but should be. It requires independent security analysis and monitoring. Even if DOD follows through on a single cloud provider strategy, it will still need potentially billions of dollars worth of ancillary services.
Sections 2.5 and 2.6 describe a wide range of capabilities DOD will need to extend data-based services to the tactical edge. It states, “While certain DoD programs are not immediately amenable to migration to the cloud, some of these systems may ultimately be bridged to the cloud, while others may be addressed through separate non-cloud solutions (emphasis mine). That sounds like more opportunity.
A more or less incomprehensible sketch in Appendix A of the document lists at the bottom a long list of activities DOD envisions that will lead to the one-cloud nirvana. Once the department gets past the impediments of the award itself, you can bet on a multi-year migration process the chart itself calls Pathfinder to Hybrid Cloud Environments and Multiple Vendors. It also states that to implement the General Purpose cloud “an industry partner will be required.” That singular “an” is cause for concern. But such a partner, in reality, is likely to need many subs.
Ditto for the Fit-for-Purpose plan for collaboration and productivity applications that “will migrate to a subscription service where industry will be leveraged for both applications and infrastructure.” Subsequent language shows that even this requirement will call for multiple vendors.
Finally, the department lists five “fundamental activities required to stand up a cloud environment.” They encompass more than a dozen discrete products or services across technology, governance, training and workforce development and business operations.
For organizations in the industry providing services and products in cybersecurity, training, software and software development, enterprise architecture, data services and a host of others related to cloud, it’s hardly the time to write off the Defense Department.