Are JEDI and the CIA's C2E clouds even comparable?
- By Derek B. Johnson
- Jul 02, 2019
The Defense Department's decision to put all warfighter data in a commercial cloud hosted by a single vendor has generated criticism from both Congress and industry, both of which pointed to the CIA's plans for a Commercial Cloud Enterprise or C2E.
The CIA, which in 2013 signed with Amazon Web Services for a private cloud to house its classified and sensitive data, is now expanding into a multi-cloud, multi-vendor environment. That shift is supplying evidence to some opponents of the Pentagon's $10 billion, 10-year Joint Enterprise Defense Infrastructure procurement that DOD's effort is mired in the past.
However, according to John Sherman, CIO for the Office of the Director of National Intelligence, C2E is "not a great comparison with JEDI because we're further along in our cloud maturity than DOD's environment."
Sherman said the intelligence community needed to first lay down foundational IT infrastructure -- with its 2013 cloud buy -- and acclimate agencies to accessing sensitive, mission-critical data in the cloud before it could embark on a more ambitious, complex expansion strategy.
"[DOD] is where we were five years ago," said Sherman. "Starting with a single cloud is very analogous to where we started."
At a June 25 press event, DOD CIO Dana Deasy offered some similar reasoning for going with a single cloud structure on the JEDI solicitation.
If DOD decided to bring on three or four cloud providers, he said, "all of them have to go through certifications, all of them have to go through [the Federal Risk and Authorization Management Program] … unclassified, classified, top secret work needs to be tested and set up. Data points. Encryption points. Training. Learning the software tools. The provisioning out to individual cloud providers…. I could go on and on," Deasy said. "The reason you want to start with somebody is so you can start to build up a muscle of expertise and talent."
Nevertheless, a recent House Appropriations Committee report complained that the JEDI procurement could "lock the Department of Defense into a single provider as long as 10 years" and lead to missed opportunities for innovation.
The report quotes the CIA's own market survey materials for its C2E procurement, which notes that the intelligence community "is pursuing a multiple cloud strategy to increase access to cloud innovation and reduce the disadvantages associated with using a single cloud service provider,'' and urges DOD "to adopt lessons learned from the CIA's experience implementing cloud computing over the past five years."
IBM's Sam Gordy said in April that the intelligence community "clearly recognizes the value of multi-cloud while encouraging competition, supporting legacy applications and ensuring agency's access to future innovations."
IBM and Oracle each protested the JEDI solicitation, and Oracle followed up on its protest with a lawsuit that is currently pending in the Court of Federal Claims. Oracle's filings are full of citations from Gartner and others claiming that industry best practices argue against a single-cloud approach.
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.