CIA, NSA see benefits in double-barreled approach to the cloud

The intelligence community is looking to avoid a “tyranny of one” in its strategy for contracting cloud computing services, according to Gus Hunt, CTO of the Central Intelligence Agency. Instead, taking a multi-vendor approach will help speed up access to computer resources and avoid vendor lock-in, he said.

“A long time ago, we learned [that] if we have one provider for everything, people tend not to act in our best interest,” Hunt said, describing the intelligence community’s desire to have freedom to move from one cloud provider to another as the situation warrants.

Having that flexibility will require deeper interoperability between vendors, a goal that can be best achieved by industry adherence to open data standards, Hunt said June 20 during a session at an AFCEA Emerging Technologies Symposium in Washington, D.C.

The intelligence community has a two-cloud strategy in which the National Security Agency is building an OpenStack secure cloud computing system for the entire intelligence community, while the CIA is looking to tap the resources of a commercial provider to give analysts access to compute resources and the ability to process large data sets.

The CIA’s goal is to give the intelligence analysts access to resources as quickly and easily as if they were swiping a credit card or making an online purchase. To meet that goal, the CIA is looking to work with a commercial cloud provider for the rapid provisioning of compute resources and processing of large data sets.

The commercial cloud will provide infrastructure as a service, offering users access to virtual or physical servers and other computing resources such as storage. “We are not going to tell anybody what to bring or what software to run,” Hunt said.

Eventually, the commercial cloud will provide software-as-a-service, which typically includes customer relationship management applications, e-mail, collaboration and virtual desktops. “Assuming we can get to a commercial [contract] award,” users can use the commercial cloud as a development and test environment, he said.

(Hunt would not discuss the CIA’s 10-year, $600 million cloud computing contract with Amazon Web Services, first reported by FCW, and the resulting IBM bid protest.) 

Hunt pointed out that most of the work the agency does is unclassified. But when analysts need to, they should be able to forklift their workload and drop it on the classified side, he said. 

The need for more flexibility between classified and unclassified work could be accommodated by the ability to switch back and forth dynamically between the CIA commercial cloud and the OpenStack cloud infrastructure being developed under the auspices of the NSA.

The NSA’s intelligence cloud will provide a powerful channel for platform-as-a-service, which typically involves the hosting of databases, Web servers and development tools. Ultimately, the objective is for users to not know (or care) which clouds their workloads are running on.

The aim behind the two-cloud strategy is to speed up innovation and lower costs, Hunt said, noting that the commercial cloud would comply with Federal Risk and Authorization Management Program security controls, but that the agency needs security that goes above and beyond FedRAMP.

A single cloud broker would then handle both architectures, and if a user wants to add capacity or analyze data, he won’t have to worry about where that happens.

But speed does matter. “Latency breeds contempt,” Hunt said; nothing makes intelligence analysts angrier than workloads taking too long to execute. The world is moving toward more index and memory-type systems to get that speed and performance, he said.

Reader Comments

Tue, Jun 25, 2013 James cage

Interesting article. Came across this interesting whitepaper on cloud security that might interest a few readers “Cloud risks Striking a balance between savings and security” @ http://bit.ly/ZFPu1l
