The Defense Information Systems Agency is assisting the Defense Department in navigating through a sea of challenges caused by a major shift in edge computing and cloud.
According to Korie Seville, technical director of the Hosting and Compute Center (HaCC) at DISA, the agency is seeing movement from the enterprise level toward a three-tier cloud architecture with high-speed connectivity, regionalized cloud solutions and the tactical edge environment.
“That third tier of mission-specific, at-scale, at-need tactical compute is sort of that final piece to the overall cloud puzzle, and what we find is when you start talking about multi-tier environments with multiple vendors, multiple providers and public and private cloud, the challenges start to rack up. How do I deploy, how do I deal with costs, security and operations?” Seville said during an FCW event.
DISA has found two main types of challenges with cloud: technical and programmatic. Once an application has been deployed, Seville finds that many people run into problems with portability and availability.
“How do you make an application take advantage of the cloud provider resources that are available to you, the cost saving and scale measures, but also make sure it’s portable across different providers, and how do you make it highly available to your customers?” he said.
With programmatic challenges, there are concerns with security governance and accreditation.
“You can rely on specific security data coming from different providers and security tools you have deployed to deal with attacks, but if your adversary knows your architecture, looking at one provider’s security data is not going to tell you what’s happening in the other three, and they can devise an attack strategy that hides and annoys between all four of the providers,” Seville said.
The HaCC is confronting these challenges by treating these cloud environments as an extension of its enterprise. That approach takes away the latency-based inspection pieces that look inside the network and extends the enterprise to include the different cloud providers.
“We move our security more toward the application, look at the data, look at the application itself, secure the applications and let’s get the intelligence from that perspective, but allow that transport to be agnostic, like in that zero-trust model. We will defend at the application level and will create high speed transport between everything,” Seville said.
The HaCC, which defines its environment as code, also uses VOLCAN, DISA’s DevSecOps platform that enables control of its security and configuration from a centralized source. The team is also able to create repeatable environment definitions so that all environments look the same from a boundary and security perspective.
“We use a DevSecOps-style continuous integration and continuous deployment system to vet changes when they’re made, push them in a repeatable manner and have security be able to audit those changes on the fly whenever they wish,” Seville said.
The final piece to take edge computing and cloud to the next level is creating the technician of the future, or someone with a diverse skill set.
“We need the server guy to know a little bit about networks, a little bit about security, but know a lot about server,” Seville said. “We’re really creating jack-of-all-trades individuals that are specialized in certain areas, and then we create cross-functional teams to have them all work together on a particular application deployment.”
According to Barbara McQuiston, deputy CTO for science and technology at the DOD's Under Secretary of Defense for Research and Engineering Office, DOD is also leveraging technology innovation to solve tough operational challenges. The department should harness the incredible innovation ecosystem both domestically and with allies to stay ahead of its adversaries, she said.
Edge solutions are another rich area for emerging technology that can be utilized and rapidly moved forward into national and economic security use.
“From the DOD perspective, it can allow us to minimize backhaul bandwidth and costs and put information and computational ability right at the tactical edge and decrease the intercept and observability by our adversaries. So, edge computing and how we develop that is significant going forward,” McQuiston said.
Currently, a diverse range of high-resolution 5G network sensors is being deployed to monitor specific areas of interest, providing intelligence and battlespace understanding to support decision-making. DOD also has sensors on high-bandwidth, low-latency 5G for multi-access edge computing.
McQuiston believes that all these emerging technologies won’t move forward if we can’t build them, buy them or use them.
“Understanding how we can invest in these emerging technologies and more rapidly move them forward into the industrial base is significantly important now and in the future,” McQuiston said. “To do that we must be able to de-risk manufacturability and in some cases scale up the manufacturing or in other cases scale out what we need to do.”