The deputy secretary of defense recently called on defense organizations to move as quickly as possible to the commercial cloud, saying our national security depends on it. But three security requirements are particularly difficult for defense organizations to meet. We take a closer look at what they are and how the Department of Defense can overcome them on its way to successful large-scale cloud adoption.
The Department of Defense (DoD) is pushing hard to move to the commercial cloud on a large scale. But defense agencies may be headed straight toward three hidden roadblocks. Security requirements that are little understood—and far from easy to meet—could stop their cloud migration efforts cold.
In September 2017, Patrick Shanahan, the deputy secretary of defense, issued a memorandum calling on DoD organizations to move as quickly as possible to the cloud—particularly the commercial cloud—to keep pace with fast-moving technological innovations that are “changing the character of war.”
Shanahan made it clear this is a matter of national security. Adopting emerging technologies like the cloud, he said, is essential to preventing “any potential adversaries of the United States from surprising us or overtaking our military advantage.”
Before a defense organization can migrate its systems to the commercial cloud, however, it must satisfy a range of security requirements intended to keep those systems—and the DoD network as a whole—safe from cyberattacks. In our work moving defense services to cloud technologies, we have seen that three of those requirements are particularly difficult for defense organizations to meet.
Navigating the three can be a cumbersome, often confusing process for many organizations, made even more difficult by a lack of expertise and resources. Those security requirements—though unquestionably necessary—now stand as looming obstacles to large-scale DoD cloud adoption.
In our work with defense organizations, we’ve identified the three roadblocks and seen firsthand how to overcome them in moving to the commercial cloud. Here are our key insights:
The requirement: Before a defense organization moves to the cloud, it needs to comply with the standards in the DoD’s Cloud Computing Security Requirements Guide. Such compliance is a requirement for an Authority to Operate (ATO).
The roadblock: While authorizing officials may have deep experience achieving an ATO for on-premises systems, the quickly changing landscape of cloud security regulations and environments offered by commercial cloud service providers can be difficult to navigate. As a result, identifying the option that best balances security with high-velocity delivery of capability can require protracted analysis—posing a major hurdle for accelerated, large-scale cloud migration in the DoD.
How to overcome the roadblock: Provide the authorizing officials with the expertise they need by creating centers of excellence across the defense services to share lessons learned, accredited reference architectures, and best practices.
The requirement: Defense organizations also need a cybersecurity services provider (CSSP), an external entity that continuously monitors a computing environment to make sure it meets security requirements. While defense organizations currently have CSSPs for their non-cloud systems, to move to the cloud they need a provider capable of handling that type of environment.
The roadblock: The DoD’s current CSSPs simply do not have the resources to offer monitoring in the cloud on a large scale (they typically only support systems not in the cloud).
How to overcome the roadblock: Fund current CSSPs to add the cloud role. Look to commercial CSSPs to provide some portion of the services, reducing the burden on DoD and speeding large-scale cloud adoption (presently, no commercial CSSPs have been approved for the DoD).
The requirement: A cloud access point (CAP) is a connection, or gateway, between the Defense network (the NIPRNet) and the commercial cloud provider. It ensures that data moving back and forth meets security requirements, and that the defense organization is not exposed to security threats.
The roadblock (there are actually two): 1) The DoD has only one such access point, which does not have the ability, by itself, to handle a large-scale migration to the commercial cloud. 2) The process of getting into a CAP is complex and difficult for many organizations to navigate.
How to overcome the roadblock: 1) Increase capacity by creating multiple access points (“mini-CAPs”). 2) Simplify the process by automating some of the steps, and creating centers of excellence to share lessons learned and tap the expertise of seasoned experts, or “migrators.”
These three security requirements—largely confusing, and mostly off the radar—threaten to blindside the DoD’s critically important move to the commercial cloud. However, through our work with defense agencies, we’ve seen how the process can be successfully navigated. With knowledge sharing, targeted funding, and a few technical changes, the DoD can overcome these obstacles to achieve that same success on a large scale.