CIA building secure cloud-based system
The spy agency says its internal cloud enhances flexibility and keeps secret data safe.
Computerworld - One of the U.S. government's strongest advocates for cloud computing is also one of its most secretive operations: the Central Intelligence Agency.
Jill Tummler Singer, the CIA's deputy CIO, said that the spy agency is adopting cloud computing in a big way based on its belief that cloud technology makes IT environments more flexible and secure when kept within a firewall.
While the CIA has been steadily building a cloud-friendly infrastructure -- it has long used virtualization technology, for example -- its decision to widely adopt cloud computing is a relatively recent one, Singer said.
"Cloud computing as a term really didn't hit our vocabulary until a year ago," she told an audience at Sys-Con Media's GovITExpo in Washington this month.
However, the agency's widely deployed virtualization technology, which abstracts the operating system and software from the hardware, "is the foundation of the cloud," Singer said. "We were headed to an enterprise cloud all along" without using the term.
Today, the CIA also uses mostly Web-based applications and thin clients, reducing the need to administer and secure individual workstations, she said.
Singer said that security is bolstered by the CIA cloud's use of standards-based technology that reduces complexity and allows for faster deployment of patches. "By keeping the cloud inside your firewalls, you can focus your strongest intrusion-detection and -prevention sensors on your perimeter, thus gaining significant advantage over the most common attack vector -- the Internet," said Singer.
Moreover, everything in a cloud environment is built on common processes. When it comes to security, for example, there is a "consistent approach to assuring the identity, the access and the audit of individuals and systems," she said.
Singer did note that there are limits to the CIA's use of cloud computing. For instance, the agency isn't using a Google model of spreading data across all its servers; instead, data is kept in private enclaves protected by encryption, security and audits, she said.
Singer discussed the CIA's cloud plans less than a month after White House CIO Vivek Kundra unveiled the first service in the U.S. government's new cloud computing initiative: a Web site where federal IT managers can buy online applications and basic computing services from Google Inc., Salesforce.com Inc. and other vendors.
Run by the U.S. General Services Administration, the new Apps.gov site is initially focusing on the sale of online applications. It will eventually add IT services such as storage, Web hosting and virtual machines.
The CIA won't be using Apps.gov as part of its cloud computing program; its classified and secret data will remain within the agency's firewalls, said Singer.
At the Sept. 15 unveiling of Apps.gov at NASA's Ames Research Center in San Jose, Kundra said he hopes that Apps.gov and future cloud-based offerings can help streamline the government's annual $75 billion IT budget through the use of cheaper commercial hosting services, and virtualization technologies that can load more applications onto its servers.
Input, a government market researcher, expects that government cloud expenditures will grow from $363 million this year to $1.2 billion in 2014. "I think this is probably a conservative estimate, considering the push from the administration," said Deniece Peterson, an analyst at Reston, Va.-based Input.
Obstacles to the adoption of cloud computing, including concerns about security and loss of control over data, may slow momentum, but Peterson said she expects to see "broader adoption and higher spending after the administration makes progress in some of the pilot programs it has planned."
Robert McMillan of the IDG News Service contributed to this story.
Read more about Government IT in Computerworld's Government IT Topic Center.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Mission Critical: Managing Mobile Applications & Content
- Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network
- At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success
- Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development
- Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices... All Government IT White Papers
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- All Government IT Webcasts