What is JEDI Cloud? Inside Microsoft's $10bn Pentagon contract
Last week, the US Department of Defence (DoD) announced that Microsoft had been awarded a multi-year, $10bn indefinite-delivery/indefinite-quantity contract to work on something called JEDI Cloud. Microsoft’s stock rose by 3% on Friday evening as a result.
Over the last two years the DoD has awarded more than $11bn across 10 separate cloud contracts.
The announcement reportedly came as a surprise to some, as Amazon Web Services had been labeled the favourite to receive the contract. There has been some speculation, however, that President Trump’s personal feelings towards Amazon founder and CEO Jeff Bezos may have contributed to the decision.
But what does JEDI Cloud entail?
Standing for Joint Enterprise Defense Infrastructure, JEDI is an enterprise level, commercial Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solution to support Department of Defense business and mission operations.
Data breaches still remain the greatest threat to cloud security, costing the average enterprise $1.41mn per breach, a recent report by cybersecurity firm Kaspersky found. That figure rose by almost $200,000 between 2018 and 2019, IT security budgets now average $18.9mn (compared to $8.9mn the previous year) and Kaspersky predicts that global IT spending in 2019 will reach $3.74trn by the end of the year.
When a company’s cloud servers are breached, millions of people can lose their data, companies can lose billions of dollars - some never to recover. The consequences of a data breach somewhere like the Pentagon, however, hardly bear thinking about.
As a result, JEDI is a project that will see the DoD move around 80% of its data off-premises and, while it claims that the $10bn figure only represents about one fifth of its cloud investment, critics of the contract have written that keeping so much sensitive government information in a single cloud could create further security risks.
“The scale of the missions at DoD will require the DoD to have multiple clouds from multiple vendors,” Babb said in a statement to Federal News Network. “The JEDI Cloud is a critical first step toward an enterprise cloud solution that enables data-driven decision making and allows DoD to take full advantage of applications and data resources.”
A DoD press releases compounded Babb’s statement, asserting that the JEDI contract “will address critical and urgent unmet warfighter requirements for modern cloud infrastructure at all three classification levels delivered out to the tactical edge.”
IT Employees Predict 90% Increase in Cloud Security Spending
As companies get back on their feet post-pandemic, they’re going all-in on cloud applications. In a recent report by Devo Technology titled “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits”, 81% of the 500 IT and security team members surveyed said that COVID accelerated their cloud timelines. More than half of the top-performing businesses reported gains in visibility. In fact, the cloud now outnumbers on-premise solutions at a 3:1 ratio.
But the benefits are accompanied by significant cybersecurity risks, as cloud infrastructure is more complex than legacy systems. Let’s dive in.
Why Are Cloud Platforms Taking Over?
According to Forrester, the public cloud infrastructure market could grow 28% over the next year, up to US$113.1bn. Companies shifting to remote work and decentralised workplaces find it easy to store and access information, especially as networks start to share more and more supply chain and enterprise information—think risk mitigation platforms and ESG ratings.
Here’s the catch: when you shift to the cloud, you choose a more complex system, which often requires cloud-native platforms for network security. In other words, you can’t stop halfway. ‘Only cloud-native platforms can keep up with [the cloud’s] speed and complexity” and ultimately increase visibility and control’, said Douglas Murray, CEO at cloud security provider Valtix.
Here’s a quick list of the top cloud security companies, as ranked by Software Testing Help:
What are the Security Issues?
Here’s the bad news. According to Accenture, less than 40% of companies have achieved the full value they expected on their cloud investments. All-in greater complexity has forced companies to spend more to hire skilled tech workers, analyse security data, and manage new cybersecurity threats.
The two main issues are (1) a lack of familiarity with cloud systems and (2) challenges with shifting legacy security systems to new platforms. Out of the 500 IT employees from Devo Technology’s cloud report, for example, 80% said they’d sorted 40% more security data, suffered from a lack of cloud security training, and experienced a 60% increase in cybersecurity threats.
How Will Companies React?
They certainly won’t stop investing in cloud platforms. Out of the 500 enterprise-level companies that Devo Technology talked to throughout North America and Western Europe, 90% anticipated a jump in cloud security spending in 2021. They’ll throw money at automating security processes and investing in security upskilling programmes.
After all, company executives will find it incredibly difficult to stick with legacy systems when some cloud-centred companies have found success. Since moving from Security Information and Event Management (SIEM) offerings to the cloud, Accenture has saved up to 70% on its processes; recently, the company announced that it would invest US$3bn to help its clients ‘realise the cloud’s business value, speed, cost, talent, and innovation benefits’.
The company stated: ‘Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator’.