Helping the Army Deliver Secure, Cloud-Based Capabilities to the Warfighter
Created April 2022
The SEI helped the Army Evaluation Center (AEC) assess how it can move its systems to cloud-based technologies, and what it must do to address operational test and engineering activities (OT&E) to support those systems and manage technological and cyber risks. To handle this type of technology shift, the AEC needs to transform from an OT&E approach that requires direct access to hardware and software, to one that evaluates systems that the AEC indirectly accesses through a cloud provider. To do so, the SEI helped shape each phase of the product lifecycle, from acquisition to operations and support.
Test and Engineering Challenges in Cloud Computing
The U.S. Army Evaluation Center (AEC) tapped the SEI's expertise in cybersecurity and software engineering to help it develop operational testing and evaluation approaches for emerging cloud-based systems. This work supports the DoD's mission to modernize its systems, and will enable faster dissemination of tactical information, at scale and without regard to geographical location, to the warfighter operating at the tactical edge.
One of the biggest challenges of moving to the cloud is that cloud-computing customers usually don’t have direct control or observation over cloud-computing technologies because these technologies are provided by a cloud provider. Moving to the cloud means that the AEC must figure out how it can mitigate security risks and support systems running on technology that it has only indirect access to.
These challenges become even more complicated by the fact that the AEC must address the rigorous cybersecurity standards outlined by recent Department of Defense (DoD) policies. For example, the DoD’s Cybersecurity Test and Evaluation Guidebook has expanded its emphasis on cybersecurity in recent updates, which affects how organizations acquire, test, and support their computing systems to prioritize security.
Thanks to the SEI’s expertise in cybersecurity and software engineering, the AEC engaged the SEI to help chart a roadmap to assess how it can successfully deploy cloud-computing capabilities while meeting the rigorous cybersecurity demands of the DoD.
Securely Moving to the Cloud
The U.S. Army Evaluation Center (AEC) tapped the SEI’s expertise in cybersecurity and software engineering to help it develop operational testing and evaluation approaches for emerging cloud-based systems. This work supports the DoD’s mission to modernize its systems, and will enable faster dissemination of tactical information, at scale and without regard to geographical location, to the warfighter operating at the tactical edge.
To help the AEC plan for the testing and evaluation it will need to conduct for adopting and supporting cloud technologies, the SEI performed detailed reviews of the AEC’s operational test and engineering (OT&E) activities. The SEI identified the impacts that moving to cloud technology would have on OT&E. One of the bigger challenges is transforming from an OT&E approach that gathers information from direct access to hardware and software, to one that evaluates systems that are only available indirectly through a cloud provider. This transformation requires careful planning from the beginning of the product lifecycle to ensure all necessary information for OT&E is available and accessible.
Although the focus on OT&E activities occurs primarily in the latter phases of that lifecycle, support for testing and engineering efforts must begin with information gathering at the beginning of the acquisition process. For that reason, the SEI reviewed each phase of the lifecycle, from acquisition to operations and support.
The SEI conducted training and workshops to explain its findings to the AEC, and to begin to establish the communications and preparation it needs to make sure it can fully support OT&E activities. As an expert in software engineering, cybersecurity, and cloud computing, the SEI outlined the risks involved in moving to the cloud, the responsibilities the AEC will need to adopt, and a roadmap that identifies how the AEC can assess risks and mitigate them.
The SEI’s support begins with a plan that helps the AEC gather all necessary information during acquisition of cloud technologies. The SEI developed a list of key questions for product managers to ask cloud providers, and examples of information they must gather to support OT&E activities later on. This way, the AEC can be sure that it has everything it needs from the cloud provider when its testing and engineering efforts begin, and it can ensure that it successfully addresses the DoD’s requirements for managing technology and cyber risks.
Learn More
A Method for Assessing Cloud Adoption Risks
•Blog Post
The move to a cloud environment provides significant benefits. Realizing these benefits, however, requires organizations to manage associated organizational and technical risks effectively.
READ