The CIA and the Cloud
If your company mistrusts the security of the cloud, it might want to take a look at what The Company is doing.
Mon, April 22, 2013
"The Company" is a term that insiders have long used to refer to the CIA. Is there any organization that takes security more seriously? Perhaps, but probably not within the Fortune 500. And yet the CIA appears to be moving to the cloud.
Seriously. According to FCW, a publication that tracks the intersection of government and technology, the CIA has agreed to a cloud computing contract with Amazon that may be worth up to $600 million over 10 years. Specifically, Amazon Web Services will help the intelligence agency build a private cloud infrastructure.
What? You expected the CIA to put its secrets on the Amazon EC2? I don't think so!
But get this: One reason the CIA started moving to cloud-based computing in 2009 was that it saw the cloud as being more secure than conventional IT systems. Back then, Jill Tummler Singer, who was the CIA's deputy CIO at the time, said, "By keeping the cloud inside your firewalls, you can focus your strongest intrusion-detection and -prevention sensors on your perimeter, thus gaining significant advantage over the most common attack vector -- the Internet."
While we don't know exactly how the CIA will be using Amazon's services, it's a safe bet that it will be creating its own private clouds. But the hardware used for those clouds might not be hosted on the grounds of the CIA's Langley, Va., headquarters. Instead, the agency's cloud hardware may well end up hiding out somewhere in Amazon's mammoth U.S. East data center, located in nearby Ashburn, Va. Why? Well, just like any other government agency or private business, the CIA wants to save money in its IT budget.
Now, I'd have to say that if the CIA trusts the cloud, just about anyone can trust it -- provided, of course, that you always keep your eye on security and make sure you and your vendor are taking the steps necessary to safeguard your data. As Michael McConnell, former director of the National Security Agency, said last year, "The economics of the cloud are so compelling they can't be denied. [But] we have to get the security aspects right."
How do you do that? The CIA isn't likely to tell you, or to leak its cloud plans in the next season of Homeland. But there are guidelines from groups such as the European Network and Information Security Agency on how IT shops should handle public cloud vendors and monitor their security measures.