The U.S. Department of Defense is moving towards a multi-cloud environment with the introduction of the Joint Warfighting Cloud Capability contract, or JWCC. Recently, Pentagon CIO John Sherman mandated that DoD use the JWCC for all future cloud buys, top-secret cloud capabilities and transition existing cloud contacts to JWCC upon expiration.
This transition supports the department’s efforts to modernize DoD’s enterprise cloud capabilities and broader cloud ecosystem. However, transitioning to a multi-cloud community can be an overwhelming feat for defense agencies given hurdles with cyber skill shortages and compliance.
Leadership needs to plan for the impact this will have on the way programs are staffed and the way systems are engineered. Yet, the challenges are not insurmountable.
Impact of the JWCC Transition
In 2021, DoD canceled the Joint Enterprise Defense Infrastructure, or JEDI, contract, a long-standing $10 billion dollar vehicle that was designed to offer enterprise cloud-computing to the department, after years of bid protests. Instead, DoD chose to favor JWCC to fill its “urgent unmet requirements for a multi-vendor enterprise cloud.” The cancellation of the JEDI contract marked the end of single-source vendor contracts and the beginning of a multi-cloud era.
The magnitude of this change is massive — industry and government have spent the last several years building the DoD’s current cloud-capable workforce with skills designed for working with a single cloud service provider (CSP). Now, the focus has shifted to a multi-cloud environment under the JWCC, which has special considerations for standards, skills and security that industry and the department need to get a handle on.
Multi-cloud allows users to distribute data across multiple different cloud systems. In turn, it will allow DoD to more seamlessly share and analyze data across commands and service branches. Although there are clear benefits, DoD must adopt a multi-cloud mindset to be successful in this transition.
Adopting a Multi-Cloud Mindset
Successful multi-cloud adoption requires thoughtful, purposeful action and strategy. One of the biggest challenges for securing multi-cloud is the larger attack surface due to increased complexity.
To create a secure multi-cloud environment, DoD needs to adopt a proven framework for provisioning, security, networking, and application deployment. Standardized workflows at each layer of the stack will ensure rapid authorization to operate.
Advancing zero trust capabilities, especially in the first pillar of identity management, can reduce the larger attack surface of the cloud by only allowing users with authorization to access. The Pentagon is still making progress in its zero trust journey, moving towards the goalpost of a FY2027 deadline.
DoD is also grappling with a major cyber skills gap. Obtaining a top-secret security clearance, required for civilians working in the defense space, is a lengthy process. Skills shortages are followed by difficulty in governance, inconsistent results across the organization, and continued issues with cost optimization.
The federal government is seeking solutions to address the cyber skills gap, including a recently released DoD Cyber Workforce Strategy. For DoD to continue making progress on multi-cloud, it must train its personnel to be aware of these pitfalls and continue recruiting new skilled workers who can help take on this transition.
Guidelines to Ensure Mission Success
Recently, DISA’s Director Lt. Gen. Robert Skinner announced DISA was leveraging infrastructure-as-code and accelerators to help DoD components onboard cloud capabilities, but he also called on industry to help with the transition.
According to Skinner, the JWCC is a “success story,” with a reported 13 cloud task orders totaling over $200 million, and more in the pipeline. Of the current task orders, nine are related to Combined Joint All Domain Command and Control, or CJADC2 — the Pentagon’s newest version of JADC2 that aims to provide leaders with real-time data from all network domains.
With efforts along the way to advance DoD’s cloud capability in mission alignment, the JWCC seems promising.
Transitioning DoD’s legacy systems to a multi-cloud environment isn’t an easy task, but industry partners that know and understand this process, as well as DoD’s mission, can offer recommendations and help drive success for this undertaking.Adhering to best practices for security, federal guidelines and standards, and calling on industry partners will help DoD ensure mission success in the transition to the JWCC.
Melissa Palmer is President of HashiCorp Federal, a supplier of cloud-computing products and services to companies and governments.