CIA Uses Massive Internal Cloud
Thursday, October 8, 2009
One of the U.S. government’s strongest advocates of cloud computing is also one of its most secretive operations: the Central Intelligence Agency. But the CIA has adopted cloud computing in a big way, and the agency believes that the cloud approach makes IT environments more flexible and secure. Jill Tummler Singer, the CIA’s deputy CIO, says that she sees enormous benefits to a cloud approach. And while the CIA has been moving steadily to build a cloud-friendly infrastructure — it has adopted virtualization, among other things — cloud computing is still a relatively new idea among federal agencies. “Cloud computing as a term really didn’t hit our vocabulary until a year ago,” said Singer. But now that the CIA is building an internal cloud, Singer sees numerous benefits. For example, a cloud approach could bolster security, in part, because it entails the use of a standards-based environment that reduces complexity and allows faster deployment of patches. “By keeping the cloud inside your firewalls, you can focus your strongest intrusion-detection and -prevention sensors on your perimeter, thus gaining significant advantage over the most common attack vector, the Internet,” said Singer. Moreover, everything in a cloud environment is built on common approaches. That includes security, meaning there’s a “consistent approach to assuring the identity, the access and the audit of individuals and systems,” said Singer. But there are limits. The agency isn’t using a Google model and “striking” data across all its servers; instead, data is kept in private enclaves protected by encryption, security and audits. The CIA uses mostly Web-based applications and thin clients , reducing the need to administer and secure individual workstations. And it has virtualized storage, protecting itself “against a physical intruder that might be intent on taking your server or your equipment out of the data center,” said Singer.
…..In practice, highly virtualized environments reduce the need for hardware administration and, consequently, for system administrators. Barry Lynn, the chairman and CEO of cloud computing provider 3tera Inc. in Aliso Viejo, Calif., said a typical environment may have one systems administrator for every 75 physical servers. In contrast, a cloud-based environment may have just one administrator for every 500 servers or more…..Federal CIO Vivek Kundra is encouraging agencies to adopt cloud computing, and he recently opened an online apps store that enables federal agencies to buy cloud-based services from Google, Salesforce.com and other vendors. That’s something the CIA will not do; its data will remain within the agency’s firewalls, said Singer. Government market research firm Input has revised its forecast for federal cloud-related spending upward; it now expects the government’s cloud expenditures to grow from $363 million this year to $1.2 billion by 2014. “I think this is probably a conservative estimate, considering the push from the administration,” said Deniece Peterson, an analyst at Reston, Va.-based Input. Obstacles to the adoption of cloud computing, including concerns about security and loss of data control, may slow momentum, but “I think we’ll see broader adoption and higher spending after the administration makes progress in some of the pilot programs it has planned,” said Peterson. Singer said the CIA’s IT department was moving in the direction of cloud computing, even if it wasn’t using that term, when it widely deployed virtualization technology. Abstracting the operating system and software from the hardware “is the foundation of the cloud,” Singer said. “We were headed to an enterprise cloud all along.”