“JWCC requires highly skilled services to support office operations, and the delivery of modern enterprise cloud services and related technologies. These services must include technical expertise in cloud engineering, cybersecurity, financial management, program execution support, and technical writing through direct support of system owners and technical experts regarding various challenges with migration to the cloud and leveraging commercial cloud technologies,” officials wrote. 

The Department of Defense awarded its highly-anticipated enterprise cloud contract to Google, Oracle, Amazon Web Services and Microsoft in late 2022. 

JWCC marks a key element in the DOD’s push for digital modernization, and the original contract has a ceiling of $9 billion. Officials have been somewhat tight-lipped about JWCC progress since the program’s inception — but as of August 2024, the Pentagon had awarded just under $1 billion in task orders to vendors competing for the enterprise cloud initiative.

This latest defense cloud-enabling information request was published by DISA’s Hosting and Compute Directorate, which is responsible for managing the JWCC contract vehicle.

“This is a SOURCES SOUGHT NOTICE to determine the availability and technical capability of 8(a) certified small businesses to provide the required products and/or services,” officials wrote.

Such companies have gone through and been verified by a federal government-run federal contracting and training program designed for experienced small business owners who are considered socially and economically disadvantaged. 

In Thursday’s notice, DISA officials list and define associated in-demand capabilities across three categories: Cloud Infrastructure and Engineering; Cybersecurity and Risk Management; and Infrastructure and Software Engineering.

The work is envisioned to be performed at DISA facilities inside and outside of the continental U.S. The anticipated period of performance is a 1-month transition period, an 11-month base period, and four 12-month option periods.

Businesses that aim to respond must submit information including a brief capabilities statement to an email included in the notice, by July 31.

Earlier this year, DISA unveiled plans to roll out a follow-on to the current enterprise cloud vehicle — named JWCC Next — likely in 2026. A DISA spokesperson declined to answer questions Thursday regarding the motivation behind this new sources sought notice, or how it fits into the agency’s vision for JWCC Next.

“As standard practice, DISA cannot discuss open solicitations posted on SAM.gov or other sites, as it could violate established procurement regulations and policies. Therefore, we have nothing to add at this time,” the spokesperson told DefenseScoop.

The post DISA pursues new engineering and IT partners to enable the Joint Warfighting Cloud Capability appeared first on DefenseScoop.

The upcoming losses are due to some DISA employees accepting deferred resignation or voluntary early retirement programs, terminations of probationary employees and other workforce reduction initiatives inspired by Elon Musk’s DOGE, according to Lt. Gen. Paul Stanton, head of DISA and the Joint Force Headquarters-Department of Defense Information Network.

DOGE stands for Department of Government Efficiency.

However, the workforce reductions may glean some benefits for the agency, Stanton suggested during a Senate Armed Services cybersecurity subcommittee hearing.

“It’s giving us an opportunity to ruthlessly realign and optimize how we are addressing what is an evolving mission,” he said.

DISA is the Pentagon’s combat support agency responsible for providing IT and communication support to the military, as well as other federal organizations like the Department of Homeland Security and U.S. Secret Service. At the moment, DISA employs roughly 20,000 individuals — including around 6,800 DOD civilians and 1,200 active duty military personnel — and more than half are contractors, Stanton said.

Across the federal government, agencies are carrying out mandates from President Donald Trump designed to “maximize efficiency” by massively reducing the civilian workforce and making significant budget cuts. At the Pentagon, leaders are currently planning to slash more than 50,000 of the department’s 900,000-plus civilian personnel through deferred resignations, cutting probationary staff and implementing temporary hiring freezes.

Stanton told lawmakers that DISA is using the downsizing as an opportunity to reorganize its remaining workforce and direct more focus to some of its top priorities. 

“Things like the Multi-Partner Environment and initiatives like DoDNet are driving our workforce to perform roles that they hadn’t previously, and so we are doing a realignment,” he said. 

The agency also plans to request Pentagon approval to do a “surgical rehiring” in order to fill any gaps as a result of the workforce cuts that could negatively impact DISA’s missions.

“We need to hire the right people back into the right positions to then lead us forward,” Stanton said.

Along with cuts to its civilian workforce, the DOD is looking to cancel a number of IT consulting contracts following an April memo from Secretary of Defense Pete Hegseth. Components affected by the directive include the Defense Health Agency, the Defense Advanced Research Projects Agency and some of the military services.

Stanton told lawmakers that reviewing IT contracts is already a regular practice within DISA, as it allows the agency to adapt to emerging capabilities and stay aligned with its highly technical workforce.

“In the IT world, as technology changes, we have to continually evaluate whether or not we have the right industry partner performing the right mission, and so we routinely evaluate,” he said. “They’re not consulting contracts. These are individuals that are putting hands on keyboards, that are running fiber optic cables, that are performing server maintenance in a global footprint. And our contracts are healthy and are in a good spot.”

The post DISA expects 10 percent reduction in workforce due to DOGE-inspired campaign appeared first on DefenseScoop.

The achievement is a major milestone for DISA’s Thunderdome initiative, which offers a suite of IT and cybersecurity technologies that various agencies across the Defense Department can use as their zero-trust solution. DISA’s validation of Thunderdome comes more than two years ahead of the Pentagon’s deadline to implement target levels of zero trust by the end of fiscal 2027.

“It is a stellar machine system and environment, and there’s a lot of DOD field activities and agencies that are depending on that solution as its [zero-trust] solution,” Resnick said Wednesday during the Defense Acquisition University’s annual Zero Trust Symposium.

Zero trust is a cybersecurity framework that assumes networks are already compromised by adversaries, as opposed to the perimeter-based standards traditionally employed by the DOD. Rather than establishing a protective cybersecurity boundary over its networks, zero trust requires the Pentagon to integrate new capabilities that can constantly monitor and authenticate its networks and users as they move through them.

The DOD’s 2022 Zero Trust Strategy outlined a minimum set of 91 capability outcomes that agencies and components must meet to achieve “target levels” of zero trust no later than Sept. 30, 2027. The strategy also provided an additional 61 activities that are required to meet what the Pentagon considers “advanced levels.”

Resnick said DISA’s Thunderdome achieved a “perfect 152 out of 152,” meaning the solution is the second to hit all of the department’s ZT capability outcomes. The Navy’s cloud-based Microsoft Office 365 platform — known as Flank Speed — was the first zero-trust solution to achieve advanced levels, and met all 152 requirements earlier this year.

“Thunderdome is the Defense Information Systems Agency’s (DISA) comprehensive ZT solution,” Chris Pymm, Thunderdome portfolio manager at DISA, told DefenseScoop in a statement. “Recently, the Department of Defense DOD CIO purple team has validated that Thunderdome provides advanced level ZT across all 152 activities in DOD’s ZT model. What’s more, organizations can leverage DISA’s Thunderdome procurement vehicle to meet their integration ZT needs.”

According to the agency, the Thunderdome solution leverages enterprise identity credential and access management (ICAM); commercial secure access service edge capabilities; and software-defined wide area networking and security tools.

In 2022, DISA awarded Booz Allen Hamilton a $6.8 million other transaction agreement to prototype Thunderdome, which was later extended to include the Pentagon’s classified Secure Internet Protocol Router Network (SIPRNet). Following 18 months of development, the company received a follow-on production contract in 2023 to transition the solution into full deployment. 

The award is structured as an indefinite delivery/indefinite quantity (IDIQ)-like award to allow for other Pentagon agencies and departments to leverage the OTA over a five-year period. The contract has a total ceiling of $1.86 billion.

Pymm said that Thunderdome “will complete the DISA terrain in June of this year.” The effort’s zero-trust capabilities will be scaled to defense agencies and field activities via the broader migration of users to its new modernized network, known as DODNet, he added.

In fiscal 2025, Thunderdome will be fielded to the Defense Contract Management Agency, Defense Contract Audit Agency, Defense Logistics Agencies, Defense Media Activity, Defense Finance Accounting Service and the Defense Microelectronics Activity.

Moving forward, DISA plans to deploy the capability to the following agencies and organizations in fiscal 2026: Defense Threat Reduction Agency, Joint Staff’s J-6 directorate, Defense Advanced Research Projects Agency, Missile Defense Agency and Defense Manpower Data Center.

Updated on April 2, 2025, at 5:25 PM: This story has been updated to include more information from DISA about plans for Thunderdome and statements from Chris Pymm, Thunderdome portfolio manager.

The post DISA’s Thunderdome achieves advanced zero-trust goals appeared first on DefenseScoop.

Pending accreditation, the chatbot will be deployed to U.S. Indo-Pacific Command and allow users to experiment with genAI models on the Secure Internet Protocol Router (SIPRNet), Jeff Marshall, director of DISA’s Hosting and Compute Center, said during a webinar broadcast Tuesday by Federal News Network. The platform is currently in the accreditation stage and is expected to open up “within the next month or so,” Marshall noted.

The capability was developed in close collaboration with the Air Force Research Lab, which launched its own experimental generative AI chatbot for the Department of the Air Force on unclassified networks — dubbed NIPRGPT — last year. Similar to AFRL’s program, AFRL and DISA are using the effort to evaluate and expedite delivery of commercial AI tools, but the agency’s initiative will be in classified realms, Marshall said.

“We’re not trying to deploy this on our own. We’re not trying to make it a production system. This is [a research-and-development] system that we’re using for Indo-Pacom in order to test large language models overseas,” he said.

Across the Pentagon, organizations have looked to capitalize on commercial large language models and other artificial intelligence capabilities. Although there have been various efforts over the last few years — ranging from task forces to experimental platforms — the department is still learning how the technology can be best used to improve back-office and tactical operations.

Marshall noted that DISA’s SIPR-based LLM will largely help “facilitate that demand signal of, what does an Indo-Pacom commander need and want to utilize AI for? And then, how do we then shape that to what industry can actually provide for us at scale?”

DISA plans to host the chatbot on one of the two Joint Operational Edge (JOE) cloud environments it has deployed to the Pacific. Initiated in 2023, the JOE cloud effort seeks to stand up commercial cloud environments at the agency’s overseas data centers, allowing DISA to place cloud-native applications in locations outside of the continental United States. Along with JOE, the agency is also providing its private cloud capability known as Stratus to areas overseas.

To date, DISA has put two JOE cloud nodes at Indo-Pacom and one at U.S. European Command, and will soon deploy another node in Southwest Asia, Marshall said.

Moving forward, DISA is looking to potentially provide additional JOE cloud environments in Europe in order to support operations for U.S. Africa Command, which is headquartered in Germany. But Marshall emphasized the agency is doing so while balancing demand signals with available resources.

“Let’s don’t just throw it all out there one time and hope that it sticks to the wall,” he said. “We’re taking in the demand signal, we’re making sure that there is a valid need that supports us doing the deployment and then, of course, there’s a budget to cover it.”

Updated on March 26, 2025, at 10:35 AM: This story has been updated to clarify AFRL’s role in the new chatbot initiative and to remove “acting” from Jeff Marshall’s job title.

The post DISA launching experimental cloud-based chatbot for Indo-Pacific Command appeared first on DefenseScoop.

Brian Hermann, director and program executive officer for DISA’s PEO Cyber, told a small group of reporters Friday that the agency expects to complete all ICAM federation activities with the services by the end of fiscal 2025.

The plan is to build off ongoing work with the Army and federate its ICAM solutions in March. DISA will then work with the Navy and Marine Corps to federate their instances by the end of June, and finally complete federation with the Air and Space Forces before the end of September, Hermann said.

ICAM generally comprises a set of IT policies, systems and security tools that verifies users have the right credentials to access certain parts of a network — in this case the Pentagon’s. While various Defense Department components have worked to develop their own ICAM capabilities, the larger department has sought to create and implement an enterprise solution to streamline information sharing across the Department of Defense Information Network, as well as with international allies and partners. 

“ICAM is how we work across the department, as well as how we work with our mission partners,” Hermann said. “Enabling our work with allied and coalition partners means we have to have some connectivity and understanding of who we’re working with in that coalition, make sure that we have an understanding of their access rights and grant them access to DOD resources — as well as grant DOD users access to things that we have to share with those mission partners.”

Overall, ICAM is a key part of the Defense Department’s journey to operating under a zero-trust cybersecurity framework, which requires all users and devices connected to a network to be continually authorized as they move through it. Hermann emphasized that DISA’s federation activity is crucial in the department’s goal of achieving “target levels” of zero trust by the end of fiscal 2027.

“We’re leading that effort for the department,” he said. “Any other ICAM implementations that may exist are going to depend on us getting this federation activity done.”

At the end of 2024, DISA stood up a federation hub to begin work consolidating the Pentagon’s existing ICAM instances, beginning with the Army’s, Hermann noted. The hub gives DISA a “total picture” of all the information users can access and ensures the agency can deconflict roles they might have in other systems across the department, he said.

Once the federation is complete with the military services, Hermann said DISA plans to connect with the Defense Manpower Data Centers — a repository of information on the Pentagon’s personnel and manpower. The agency plans to pick up ICAM federation efforts on classified networks in the future as well, he added.

While Hermann couldn’t provide an exact number of applications that will need to be federated across the Pentagon, he said it is more than first expected. He noted that federation work has also given different components insights on what systems they can modernize and others that have to be replaced in the future.

“This helps the exercise of determining whether something needs to get modernized and moved to ICAM, or it needs to potentially go away and cease to exist,” Hermann said. “I think there’s a lot of application rationalization that goes on across the department in this process, and that’s probably a good house-cleaning exercise.”

As it goes through the federation process, DISA is working with Pentagon components to determine whether an enterprise ICAM solution will meet their specific needs and avoid having too many instances across the department, Hermann said.

“We really want to prove that there’s no way that [something] could be supported by an existing ICAM before we create new ones because it’s not cheap to do this. There ought to be a real strong impetus for why we would have more of these,” he said. “I strongly believe in enterprise, and I want to try and make it work as much as possible. When we do that, then we have less requirements for federation because more users are being served by the enterprise solution.

Still, Hermann emphasized the importance of finding the right balance of ICAM solutions available, as having too few available would create bottlenecks for the Defense Department. To that end, allowing the military services to have their own ICAM solutions is helping DISA move faster with adoption, he said.

“My sincere hope is that at some point in the future, we can consolidate somewhat, but getting everybody to ICAM implementation and adoption quickly is served well by having some separate instances of ICAM,” Hermann said. “That, right now, is the longest pole in the tent of adopting ICAM — making sure that the application owners are able to work with their ICAM providers and get their applications connected.”

The post DISA aims to connect DOD services to federated ICAM solution by end of 2025 appeared first on DefenseScoop.

The new document will be released “fairly shortly,” Kevin Mulvihill, acting principal deputy CIO, said Monday during the Defense Information Systems Agency’s annual forecast to industry. The directives will build upon the Pentagon’s Software Modernization Strategy published in 2022, as well as the follow-on implementation plan published in 2023, he said at the event.

“We’re in the process right now across the various services and components to update their implementation plans in [fiscal ’25 and ’26], with the focus to accelerate those strategic goals, to adopting the enterprise cloud, really looking at the department-wide software factory ecosystem there,” Mulvihill said.

Along with the Pentagon’s enterprise-wide modernization plan, several of the military departments and other DOD components have been moving in recent years to update how they buy, develop and deploy software for their systems. Some of the services — such as the Army — have published their own software modernization strategies, and others have stood up and bolstered their respective software factories.

Mulvihill said there’s been significant progress among the individual services and components, and that all of the key initiatives outlined in the Pentagon’s implementation plan for software modernization were accomplished by their deadlines.

“Hopefully in a helpful way, we’re trying to bound that with the right level of department-wide guidance and instruction that we’ll have out here fairly shortly from the CIO’s office,” he said. “That helps with the instruction, to really try to advance those software factories but do it in such a way that we protect the software development and make it safer and secure.”

A key element to the Pentagon’s software modernization goals is the proliferation of DevSecOps principles and tools across the enterprise. DISA is in the process of bringing two of its major DevSecOps pipelines — the Command and Control Software Factory (C2SF) and Vulcan — together so that they can “combine forces” and offer more tools to users, DISA Deputy Director Christopher Barnhurst said at Monday’s event.

But more work must be done to change the culture around software development and deployment, Barnhurst added.

“Part of the challenge I see is getting folks to buy into that. And not just buy into it but to understand DevSecOps mentality and processes more in the agile development kind of way of thinking,” Barnhurst added. “Along with all of the policy and the tool sets, it’s more of a cultural shift as well that just takes time to get people in a frame of mind.”

The post DOD looking to release enterprise-wide guidance on software modernization appeared first on DefenseScoop.

Stanton, an Army officer, takes charge from Lt. Gen. Robert Skinner, who headed both organizations the past three-and-a-half years and will retire after a 40-year career that started as an enlisted sailor in the Navy.

DISA is a combat support agency responsible for operating and maintaining the DOD network along with providing the warfighter with critical IT-related capabilities, and JFHQ-DODIN is a subordinate headquarters under U.S. Cyber Command responsible for protecting and defending the Pentagon’s network globally.

“I leave this agency and command with a deep sense of humility, optimism, confidence and, most importantly, honor,” Skinner said, according to DISA. “I have truly been privileged to lead and be among our nation’s finest, working the most difficult problems, making the impossible possible. It is my hope today as I relinquish leadership of these two organizations, that I too have given more than I have received.”

Skinner helped stand up JFHQ-DODIN as its first deputy commander roughly 10 years ago, and oversaw many transformative efforts within DISA. In May, he crafted a strategic plan that aimed to get DISA back to its combat support agency roots.

Stanton, who most recently was the commander of the Army’s Cyber Center of Excellence and a veteran of Cybercom, lauded Skinner’s leadership over the years.

“Lt. Gen. Skinner has been a mentor of mine for years, providing valuable counsel and sage advice,” he said. “I’m honored for the opportunity to join the amazing team in stride as we remain trusted to connect, protect and serve.”

The ceremony was also attended by several top DOD cyber and IT leaders.

“This team, all of you, are engaged with our adversaries and our competitors on a daily basis, 24/7, and the very definition of success is nothing short of mission assurance for the joint force and for serving our nation’s decisive advantages,” said Gen. Timothy Haugh, commander of Cybercom and director of the National Security Agency. “The mission has been accomplished by all of you over the past three years, enabled by Bob Skinner’s leadership. It is a fantastic way to wrap up a career of dedication serving our nation. JFHQ-DODIN and DISA will be in terrific and very capable hands with Lt. Gen. Paul Stanton at the helm and all of you working missions. Paul was built for this job.”

Acting DOD CIO Leslie Beavers noted that Skinner was the right leader for the right time to guide the department through the COVID-19 pandemic and the Commercial Virtual Remote platform efforts necessary to keep personnel connected, adding it will take a “warrior-scholar to take the handoff from Bob and move those and many other initiatives down range, and we found one” in Stanton, who is “the perfect person to take on this challenge.”

For Stanton, who earned a Ph.D. from Johns Hopkins University, taking on that challenge comes during “an unprecedented period of significant change in an unsettled world that has an insatiable appetite for data,” he said.

“At the core of our responsibilities, we must securely and reliably get the right data to the right place at the right time to make a better and faster decision than our enemies, period,” Stanton said. “This is our business. This is warfighting as it has been, it is today and will be in the future. This agency and command are critical to our nation’s warfighting success. Failure is not an option, and excellence is our standard.”

The post Stanton takes over at DISA, JFHQ-DODIN appeared first on DefenseScoop.

Much of the DOD’s tech is decades old, which isn’t helpful as the Pentagon pursues cloud migration and other digital transformation efforts.

“We have a lot of legacy applications within the department — I mean a lot,” John Hale, chief of cloud services at the Defense Information Systems Agency, said Thursday during a panel at a GDIT event produced by FedScoop in collaboration with AWS.

“We still have applications that run on mainframes that are critical to day-to-day operations, and the people who wrote those are dead. Right? Point blank. And so, you know, how do you modernize those? How do you facilitate those and move those applications into a more cloud-friendly environment? And we’re using AI, actually, to do that,” he said. “We’re using AI capabilities to actually modernize legacy code that all the people who ever wrote it are long gone. And, you know, it’s not perfect, but it gets us like 80-85 percent of the way there, and then we’re able to manually fill in that last 10 to 15 percent to bring these applications into the 21st century. Right? And that’s a combination of, you know, cloud capabilities, but it’s also a combination of AI and the ability to think outside the box from a leadership perspective.”

But IT modernization isn’t just a technology challenge at the DOD. There are also policy-related hurdles.

“I would say the number one barrier, and I harp on this on a regular basis, is acquisition policy within the department,” Hale said. “We still buy IT as if it was a weapon system. You have to do your planning and your budget cycles in such a way that don’t really facilitate agile capabilities, right? My joke was I just submitted my best [fiscal] ‘26 budget, right? So it’s September of 2024. I just submitted my budget for 2026. And in that budget, I had to submit my FYDP plan, my five-year plan. So not only did I submit my budget for 2026, I had to also plan what I was going to spend all the way through to 2031. In today’s world, with how rapid things are changing and how agile technology and capabilities are, … those are the handcuffs that we’re playing under.”

Rather than trying to predict years ahead of time what the Pentagon’s IT needs will be, it would be better for officials to have more flexibility to buy capabilities on demand, he suggested.

“Those are where I think the procurement laws need to be changed and updated to deal with what we’re doing today because the policies that are in place from a procurement and acquisition aspect are rooted in, you know, 1945 thought. And we’re just, we’re way beyond that,” Hale said.

He noted that he’s working closely with officials in the department’s acquisition arm to try to change problematic policies where they can.

The current way of doing business can be a headache, which causes DOD employees to try to find workarounds, he suggested.

“It is such a hindrance to getting things done within the department that you end up with shadow IT that people are hiding everything in everywhere they can, in order to get the job done. And in the end, it’s only going to make things more vulnerable,” Hale said.

The post Pentagon using AI to modernize legacy code appeared first on DefenseScoop.

The JOE effort started in 2023, and the technology has already been put in place at key U.S. military hubs in the Asia-Pacific. DISA is also moving forward with another initiative to deploy the Stratus private cloud at overseas locations.

“OCONUS cloud is both a vehicle for the public cloud to have a joint operational edge — which we call JOE — and there’s also OCONUS Stratus, which we have out in the Pacific, and we also now are just about done with deploying in Europe,” Jeff Marshall, acting director of the Defense Information Systems Agency’s Hosting and Compute Center, said Tuesday at an event hosted by Defense One.

“The whole concept is real simple. As you’re in a region outside of the continental United States, you start to have network latency in getting to your data … and you start to see performance drag with the things that you’re trying to accomplish. And when you’re talking about mission partners with mission-critical activities going on in the Pacific or in Europe, you really can’t have those performance degradations. So what these products allow the mission partners to do is actually host their most critical applications closer to them, [with] less latency, and they’re able to get their missions accomplished,” he said.

In June, then Defense Department CIO John Sherman told DefenseScoop in an exit interview that a JOE cloud capability was being set up in Hawaii, another was coming online next in Japan, and the Pentagon was looking at sites in Europe.

It appears that progress has been made on that front.

“We have it deployed in a location and it’s up and running in Hawaii. We’re deploying and it’s in the process of getting prototype workloads on it, and that one is going into Japan. And then we’re also deploying it right now and getting it set up for mission partner prototyping in Europe and out of Germany,” Marshall said.

Hawaii, Japan and Germany each host large U.S. military bases with tens of thousands of personnel and are key overseas hubs for the Defense Department.

Stratus is also up and running in Hawaii and Air Force personnel are already using it, according to Marshall.

While Stratus is a private cloud, JOE is related to the Joint Warfighting Cloud Capability (JWCC) offering, which is a public cloud.

In December 2022, cloud service providers Google, Oracle, Amazon Web Services and Microsoft were awarded contract spots on the $9 billion JWCC program and are competing for task orders.

“JOE is specific to the JWCC public cloud … contract,” Marshall said. “We’re going to have them set up for each CSP, and once that is going to accomplish mission-critical workloads that work best closer to the mission partners outside of the continental United States, we’ll be able to push them out to those nodes, and then the mission partners will be able to utilize that data quicker.”

Although these cloud initiatives aren’t yet connected to the tactical mission partner environment that the U.S. Indo-Pacific Command is setting up to boost interoperability with allies, that is a possibility, Marshall suggested.

“It will be eventually. One of the things that is on our DISA Next strategy, as well as the Fulcrum strategy from DOD, is how to better integrate with mission partner environments as well as coalition environments. So this does allow that to be set up so that we can use those as start points for those types of environments as policy comes out around that, that we can then deploy infrastructure in support of,” he said.

The post DISA’s overseas cloud efforts gain JOEmentum in Europe appeared first on DefenseScoop.

Pentagon officials have strongly encouraged Defense Department components to use a public cloud environment known as the Joint Warfighting Cloud Capability (JWCC). But while JWCC had its advantages, it’s not always the best fit for all workloads, noted Jeff Marshall, acting director of DISA’s Hosting and Compute Center.

JWCC is the Pentagon’s high-priority enterprise cloud effort that replaced the aborted Joint Enterprise Defense Infrastructure (JEDI) initiative. Google, Oracle, Amazon Web Services and Microsoft were all awarded contract spots under the $9 billion JWCC program in December 2022 and are competing for task orders.

“Whenever anyone talks about cloud and what DISA offers for cloud services, everyone first thinks of JWCC. However, now that it’s been out there for a while it’s time for us to start looking at, is public cloud the right vehicle for every workload?” Marshall said at an event Tuesday hosted by Defense One.

DISA has a hybrid-cloud broker office and officials are looking at customers’ needs rather than approaching it from a one-size-fits-all perspective.

“Maybe they’re already in AWS or Microsoft or Oracle or Google, and they’re realizing that for performance reasons, for data ingress/egress reasons and for security and compliance reasons, maybe not all of their workload actually fits there anymore. And so now what we’re doing is we’re taking a more holistic approach and we’re looking at cloud as a hybrid cloud environment,” Marshall said. “We’re finding that sometimes JWCC and the public clouds is the right space for their workload, but at other times, we find that it’s actually private cloud in our Stratus offering that’s the right workload.”

According to DISA, Stratus provides a multi-tenant, self-service management capability for compute, storage and network infrastructure, including an on-demand web-based portal where customers can manage their resources.

The adoption of Stratus across the department is currently “going OK,” Marshall said.

However, as Defense Department components flock to public cloud offerings such as JWCC, agency officials are looking at ways to improve Stratus to meet the needs of users.

“We’re actually right now, we’re looking at a prototype of retooling it and making it a better private cloud offering to where if you do need boundaries that the public cloud can’t provide you, if you do need performance that you can’t get from there, and if you do need white-glove service you can’t get. And so what we’re doing with Stratus is we’re actually looking at now prototyping a refresh of the infrastructure, and with that, it’s going to be able to give us the ability, within the next year or two, to be able to offer the same set of parameters that we can offer you with JWCC. So we’re going to be able to give you scalability, elasticity and metering within that. So we’re there,” Marshall said.

“We’re moving into that space, and we’re now starting to use the hybrid cloud broker office to go out to mission partners and get that demand signal to try and understand what do you have out there and is it where it should be? Let us help you figure that out. Let us help you determine the metrics around that. And then when it’s ready, we can bring the workloads in that probably should be in a private environment for [various] reasons,” he said.

There are several reasons why it might make more sense in some cases for DOD users to pick a private cloud, according to Marshall.

For example, sometimes the performance needs of mission partners’ workloads are very high.

“It’s a huge database that requires a lot of activity, a lot of moving parts and a lot of infrastructure to support. While JWCC offers those things within the contracts, sometimes mission partners realize that they get very expensive very quickly — beyond what they are willing to pay for. And in those cases, we can generally offer that at a bit better discount for the big items,” he said.

Supportability is another issue. Support from big cloud service providers can come at a tiered cost, Marshall said.

“It gets more expensive for the mission partner, and so when they require a really high level of monitoring, of capacity watch, of just supportability and oversight of whatever that workload is and what it’s on, that’s another use case where we can do it better on a private cloud environment, because we can do what we call white-glove service and really give them a high level of high touch on that,” he added.

Marshall also cited security as a concern that might lead customers to prefer something like Stratus.

“While the CSPs do a great job in that space, sometimes there’s just one or two things that the mission partner is not overly happy about. And so in those cases, bringing it back into a private cloud within our own data centers, on our equipment allows us to better secure it for them,” he said.

The post DISA looking at ‘retooling’ Stratus cloud offering appeared first on DefenseScoop.