Cloud DJ’s – Episode 2: Pentagon Awards $9B Contract to Multiple Cloud Providers

by | Dec 12, 2022

Multiple Clouds, Cloud Computing, JWCC Contract

Last week the Pentagon announced that it will award its Joint Warfighting Cloud Capability – or JWCC – contract to four vendors: Amazon Web Services, Google, Microsoft and Oracle. The nearly $9bn contract that runs until June 2028 brings in transparency and fairness in the awards process. It also poses challenges ahead such as cloud orchestration, visibility, and cloud responsibility.

While the multi-vendor contract now seems fair and unbiased, it is sure to stir up a hornet’s nest. The four companies will be competing fiercely for individual orders. Will that lead to more courtroom battles?

With pieces of the U.S. DoD IT infrastructure now spread across four cloud platforms, it also raises certain questions about the manageability of the infrastructure.

Hybrid, multi-cloud architectures are common in the enterprise today. In the early days, this architecture posed many challenges. Today, there is more cooperation among vendors, and enterprises benefit from better cloud orchestration through APIs and connectors.

How will this cloud orchestration happen with the Pentagon’s IT infrastructure?

Visibility and management through “a single pane of glass” or dashboard is another ask from private sector CIOs. Will this happen in the Pentagon’s cloud, where secrecy and confidentiality take precedence?

There’s also a risk of data leakage, as cloud service providers tend to create copies of data across data centers in different countries through regions and availability zones. How will the CSPs address data sovereignty?

Cybersecurity attacks by state actors will continue to haunt the U.S. Government. And U.S. presidential elections are just a year away. Yes, big tech companies like Microsoft have stepped up their fight against global cyberattacks. And Google now has Mandiant to firm up its cloud security and keep watch.

Finally, there’s the issue of the software bill of materials or SBOM to be addressed. In a May 2021  executive order, the U.S. government mandated suppliers and contractors to maintain an SBOM for each product. This was done with the intention of mitigating supply chain attacks.

It was widely reported that this mandate was strongly resisted by big tech companies. A trade group called the Information Technology Industry Council, whose prominent members are Amazon, Microsoft, Intel, AMD, Lenovo, IBM, Cisco, Samsung, TSMC, Qualcomm, Zoom and Palo Alto Networks (among others) argued that SBOMs are not currently scalable or consumable.

The new JWCC contract that replaces JEDI is valid until 2028. It will be interesting to observe how the four chosen vendors will cooperate to resolve all these issues in the interest of providing secure infrastructure services to the U.S. government.

See also: Are your Cloud DJ’s Spinning and Scratching Right?

Share This Article!

Brian Pereira
Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]
Recommended Posts
The First 90 Days Are Crucial for the CISO and CIO

This book arms you with insights into crafting a robust 90-day plan, and you’ll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions.

Similar Articles