U.S. Navy Boosts Cybersecurity by Moving ERP to the Cloud

File image

Published Aug 26, 2019 7:18 PM by The Maritime Executive

The U.S. Navy has completed its largest-ever migration of computerized business systems to a cloud computing environment, the service announced Friday. The Navy's Enterprise Resource Planning suite, which manages about half of the service's annual spending, now lives on a cloud platform rather than an in-house Oracle-based server system. It is the first time that the Pentagon has moved a large-scale business IT system to a commercial cloud service - in this case, Amazon Web Services' GovCloud. 

“The magnitude of this accomplishment is incredible,” said Secretary of the Navy Richard V. Spencer. “The Navy ERP tech refresh is our largest system cloud migration to date and will enhance the performance of our force. I am proud of the team efforts to accomplish this on an accelerated schedule, cutting the projected timeline nearly in half."

The Navy says that the migration will make the user experience faster and simpler for 72,000 servicemembers across six Navy commands. It also marks a step towards integrating all the Navy's financial systems into a single general ledger and achieving audit compliance, according to Thomas Harker, who serves as the Navy's equivalent of a CFO. The Navy failed a financial audit last year, as did the Army, Air Force and Marine Corps; Pentagon-wide, a lack of IT security control was a major issue, along with an inability to account for spending. 

The ERP cloud migration effort took about three years and tens of thousands of man-hours, according to the Navy, and the service says that it will pay back that effort with a reduced workload for cybersecurity and database maintenance. At present, the Navy runs its finances on nine separate general ledger applications, with diferent formats and different programming languages, and keeping them all secure is a significant challenge.  

"I think it’s a widely accepted practice that you can move from many disparate systems that you’ve got to independently always be checking and protecting and dealing with vulnerabilities, and get that into a more coherent single system, that reduces the attack surface and allows you to much more efficiently ensure that you’re always keeping that infrastructure up to date,” assistant secretary for R&D and acquisition James Guerts told Federal News Network.