Steven J. Vaughan-Nichols: The CIA and the cloud
Computerworld - If your company mistrusts the security of the cloud, it might want to take a look at what The Company is doing.
"The Company" is a term that insiders have long used to refer to the CIA. Is there any organization that takes security more seriously? Perhaps, but probably not within the Fortune 500. And yet the CIA appears to be moving to the cloud.
Seriously. According to FCW, a publication that tracks the intersection of government and technology, the CIA has agreed to a cloud computing contract with Amazon that may be worth up to $600 million over 10 years. Specifically, Amazon Web Services will help the intelligence agency build a private cloud infrastructure.
What? You expected the CIA to put its secrets on the Amazon EC2? I don't think so!
But get this: One reason the CIA started moving to cloud-based computing in 2009 was that it saw the cloud as being more secure than conventional IT systems. Back then, Jill Tummler Singer, who was the CIA's deputy CIO at the time, said, "By keeping the cloud inside your firewalls, you can focus your strongest intrusion-detection and -prevention sensors on your perimeter, thus gaining significant advantage over the most common attack vector -- the Internet."
While we don't know exactly how the CIA will be using Amazon's services, it's a safe bet that it will be creating its own private clouds. But the hardware used for those clouds might not be hosted on the grounds of the CIA's Langley, Va., headquarters. Instead, the agency's cloud hardware may well end up hiding out somewhere in Amazon's mammoth U.S. East data center, located in nearby Ashburn, Va. Why? Well, just like any other government agency or private business, the CIA wants to save money in its IT budget.
Now, I'd have to say that if the CIA trusts the cloud, just about anyone can trust it -- provided, of course, that you always keep your eye on security and make sure you and your vendor are taking the steps necessary to safeguard your data. As Michael McConnell, former director of the National Security Agency, said last year, "The economics of the cloud are so compelling they can't be denied. [But] we have to get the security aspects right."
How do you do that? The CIA isn't likely to tell you, or to leak its cloud plans in the next season of Homeland. But there are guidelines from groups such as the European Network and Information Security Agency on how IT shops should handle public cloud vendors and monitor their security measures.
Don't treat moving to the cloud as some kind of commodity purchase. You are always going to need to do your homework to make sure that your cloud-based services are properly kept up to date and use best security practices.
As Mark Gilmore, president and co-founder of Wired Integrations, a California-based technology consulting firm, recently observed, if your "people fail to meet security standards, such as using complex passwords, and leave machines running for days on end, the likelihood of intrusion is going to increase and eventually resources will be hacked." In short, security basics remain the same, whether you use cloud-based systems or have an in-house client/server setup.
The Company knows that, and so should your company.
Steven J. Vaughan-Nichols has been writing about technology and the business of technology since CP/M-80 was cutting-edge and 300bps was a fast Internet connection -- and we liked it! He can be reached at firstname.lastname@example.org.
More by Steven J. Vaughan-Nichols
- Steven J. Vaughan-Nichols: Windows 7 lives!
- Steven J. Vaughan-Nichols: You can keep using XP for another year, but do you really want to?
- Steven J. Vaughan-Nichols: Told you so! Microsoft backs off on Metro
- Steven J. Vaughan Nichols: Windows 9 in 2015: Desperation isn't pretty
- Steven J. Vaughan-Nichols: Lessons for IT from Windows 8/Metro
- Steven J. Vaughan-Nichols: The Windows killer: Chromebook
- Steven J. Vaughan-Nichols: Amazon Drone: Stunt or service?
- Steven J. Vaughan-Nichols: Microsoft after Ballmer: Can this company be saved?
- Steven J. Vaughan-Nichols: From Microsoft, more Windows fail
- Steven J. Vaughan-Nichols: The Web at 20: What's in store over the next two decades?
Read more about Cloud Computing in Computerworld's Cloud Computing Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- ESG: The IBM FlashSystem 840: Technical Evolution to Deliver Business Value In this whitepaper, you will learn how this high-speed storage technology has tremendous potential to support I/O-intensive and/or latency-sensitive applications.
- Choosing an MDM Platform: Where to Start the Conversation If you're in the early stages of choosing an MDM solution, or you're considering switching vendors, here are seven critical questions to ask...
- Axeda Platform Technical Overview This paper summarizes the major features of an IoT platform and explains how they simplify and speed the process of developing and deploying...
- Stock Shock: The effect of project and portfolio management on share price In this independent report, you'll see the intrinsic connection between long-term capital investment and short term market performance -- and how this can...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cloud Computing White Papers | Webcasts