The NATO Communications and Information Agency is making major changes to the way it manages many of its unclassified web portals.
Through a new enterprise agreement the Agency is migrating many of them from its internal data centres to a vendor's public cloud, saving space in the new server room in The Hague and offering customers increased reliability and improved levels of service. Forty-five portals have already been migrated.
The extranet portals, which hold unclassified information, can be accessed as necessary by partners or customers and are exposed to the public internet.
"We are getting rid of all of the burden of having to support hardware for some unclassified services," said Head of Service Engineering Jose Luis Herrero Pascual. "However, it doesn't mean that we are removing the need to have administrators, or people. We are in fact creating new positions due to the need to manage public cloud services."
Though the Agency doesn't need people to take care of the hardware's lifecycle it will need people to monitor costs consumed to make sure the portals don't exceed the money allocated to them.
"Now we are brokers between the cloud service provider, Amazon, Microsoft, Google, any other, and our customers," he said.
The move to a public cloud offering didn't increase costs for customers. The cost to migrate itself will be absorbed by internal Agency funding, and the Agency is maintaining the same price levels customers are paying now for the on-premise standard portals.
"And we are increasing the availability, we are increasing the response times and we are increasing the reliability," he said. "We are offering the customers free migration with zero-cost impact and improved service."
The portals will also have increased support for cyber protection through the industry partner, Herrero Pascual said.
This effort began in early 2017, when the Agency's security authorities conducted an analysis of several non-classified communications and information systems. They determined the hardware supporting several portals holding NATO unclassified information needed a proper security assessment. And the hardware, they decided, needed replacing or a major upgrade.
Instead of replacing the hardware, the Agency's Chief Architect leadership, with support from Service Lines, decided that this could be a good time to move these portals to the cloud.
For a year or so they worked to inform managers in the Agency and draft an enterprise agreement with the vendor in coordination with the Agency's Legal Office and Directorate of Acquisition.
The Agency signed a service-based contract, which is a different model from many of the Agency's contracts, Herrero Pascual said. The contract was analysed by the Agency's acquisition and legal office.
"The good thing about this contract is that we don't have to pay anything upfront," he said. "We'll pay only for what we consume."
The agreement also addresses NATO's unique needs when it comes to data sovereignty and law enforcement.
Any data hosted by the vendor needs to be physically located in a NATO country. The company is obligated to make sure that the data doesn't leave the region NATO has designated for it to reside. In this project the data will be hosted in datacentres in Germany.
In the near future, the Agency will look at the possibility to migrate other unclassified portals. There is also potential for the Agency to provide these services to the Nations if they ask.
"The architecture allows for expansion, for compartmentalization for national purposes or services," Herrero Pascual said. "And we have people trained to do the job."
About NATO's journey to the cloud: This article is part of an ongoing series focused on how the NCI Agency is embracing state-of-the-art cloud computing technologies. The Agency has organized its efforts in this area into a "Cloud Adoption Roadmap" with pragmatic goals to move key services to the cloud to enable reliable, 24/7 service. The Agency will continue to map out this journey in May through a panel discussion at its annual industry conference NITEC19. To learn more, or attend, visit nitec19.com.