Department of Defense’s Cloud Computing Strategy: Saving Money & Increasing Security

Posted 12.29.11 by

The 2012 National Defense Authorization Act (NDAA) recently passed by Congress includes a section on data centers and servers, concerning the IT industry and cloud hosting providers.

The 2012 National Defense Authorization Act (NDAA) recently passed by Congress includes a section on data centers and servers, concerning the IT industry and cloud hosting providers (Section 2867).

What do the provisions call for?
A plan to reduce the resources needed for servers and data centers. The components of the plan include a reduction in:

  • Square feet of floor space
  • Power and cooling utilities
  • Investments in capital infrastructure (measured in cost per megawatt of data storage)
  • Number of applications
  • Full-time personnel/cost of labor

The provisions also call for a performance plan that measures and sets standards for server and data center operations, including the implementation of a strategy for the following:

  • Desktop, laptop and mobile device virtualization
  • Cloud computing transitions for lower costs and greater security
  • Use of cloud computing and data center security services managed by the private sector
  • Reporting standards to measure data center infrastructure aspects, including space, power, cooling, age, cost, capacity, efficiency, etc.

The section also calls for reports from the CIO on the division’s cost-savings as a result of transitioning to cloud computing to be presented to Congress in March of each fiscal year, starting in 2012 and reoccurring through 2016. Hopefully a close analysis of investments and the resulting numbers/reduction of security breaches will provide a more comprehensive framework for annual cloud computing and data center re-strategizing to continue the advancement of the DoD’s IT infrastructure and operations.

Back in August, I blogged about the federal cloud computing strategy proposed by CIO Vivek Kundra with intentions of allocating $20 billion of the total $80 billion IT budget for cloud computing migration alone. The goal is similar to the DoD’s NDAA strategy – consolidate and reduce data center and energy expenditure. Kundra’s Federal Cloud Computing Strategy (official document) outlines the cloud as a fundamental shift in IT and offers case studies and more guidance for cloud migration.

Data breaches may have prompted the NDAA’s new security provisions and attention to standardized data center and server practices. The DoD suffered a major HIPAA violation in September when stolen backup tapes exposed 4.9 million patients and their health records. A resulting lawsuit filed fines of $1,000 per individual, totaling to $4.9 billion. One order among the 11 in the lawsuit requires defendants “set up proper systems and procedures to maintain the privacy of protected information.”

HIPAA, the Health Insurance Portability and Accountability Act of 1996, sets the standards for protecting sensitive patient data that is stored, processed or transferred by healthcare organizations and other companies that deal with patient information. The law specifies that healthcare organizations should implement and follow certain policies and practices in order to preserve the integrity, confidentiality and availability of data.

For more about HIPAA and to find out if/how your company is affected by the law, read our HIPAA FAQ. Or if you’re interested in learning more about cloud computing security, watch an informative video or read the transcript of Private Cloud Security: How Your Data Security Changes in the Cloud presented by our Director of Operations, Jason Yaeger.

National Defense Authorization Act for Fiscal Year 2012 (PDF)
New DoD Plan Could Be Big Boost for Clouds

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.

Get in touch with an Otava Rep today – just provide us with a bit of information below to get started and we’ll reach out to you shortly!