US Navy Abandons Cloud and Data Center Plans In Favor of New Strategy

An anonymous reader writes: The U.S. Navy is not pleased with the progress it has made on data center consolidation and plans to change strategies. "Later this year, we will make an organizational change to our approach to data center consolidation. The Data Center and Application Optimization (DCAO) program office will move from under Space and Naval Warfare Systems Command (SPAWAR) headquarters to under Program Executive Office-Enterprise Information Systems (PEO-EIS) as a separate entity or program office," said John Zangardi, the Navy's deputy assistant secretary for command, control, computers, intelligence, information operations and space and acting chief information officer. The secretary added that over the past three years, the U.S. Department of the Navy had consolidated 290 IT systems and applications at 45 national sites.

This is possibly the dumbest things I've seen...

[Karmashock]

... in awhile.

First law of computer security is physical security.

If the DoD loses physical control over their system then they cannot secure them. This looks like folly to me.

I think DoD consolidated data centers is entirely reasonable and I don't know why they're shifting from that. Being able to hug the server is enormously valuable. If something goes wrong with it, then someone has to hug it. And if it isn't one of your people then that means you're giving access to a third party.

Considering how interested foreign governments are to gain access to these systems, it would be a mistake to think the cloud system is going to protect anything. We've seen repeated examples of the cloud system failing in security.

The cloud system is generally more economical. But that is its only virtue.

As to this notion that the navy has to democratize its tech... the military is not a democracy. What is more BYOD schemes are inherently less secure. If the military doesn't take information security seriously, they are going to get their clocks cleaned.

Putin for example has shifted the FSB to use typewriters that print on PAPER to secure top secret documents because they don't trust their information security. For the DoD to think they can get away with BYOD schemes, commercial datacenters, and "Democratizing" their information security means they have NO clue the sort of resources being put into breaching their systems. This is madness. Ask the NSA if they'd do any of these things.

1. The NSA runs their OWN datacenter. They do not sublet.
2. The NSA doesn't democratize their information security. They dictate it. Within their organization, you comply or else.
3. The NSA would outright laugh at a BYOD scheme since they don't even let cell phones or mobile computers or thumb drives within many of their facilities much less let their staff run around with god knows what kind of machine that has access to their most critical systems for no reason.

This is dumb.

Look, different agencies should be responsible for whatever they understand. If I wanted to run a naval battle engagement, I'd put the Navy in charge of that. If I am trying to secure government computer systems, then I would put experts in that field in charge... give this to the NSA. They know how to breach a system so they know how to secure it.

Stay the Course!

[Jack+Griffin]

I thought the military mindset was to stay the course no matter how obviously flawed the strategy is. It's good to see flexibility is no longer a dirty word.