adam121 - Fotolia

Manage Learn to apply best practices and optimize your operations.

CIA invests in the AWS cloud despite security concerns

Despite recurring cloud security breaches, the number of government agencies and private corporations moving to the cloud is higher than ever. Jeff Kaplan discusses the CIA's decision to move to, and invest in, the AWS cloud.

Despite lingering debate about the security of today's cloud services, the CIA has publicly acknowledged that it is investing approximately $600 million with Amazon Web Services to meet its escalating big data and global intelligence needs.

Even as a new round of scandals surrounding the cloud has emerged with nude photos being exposed from the personal Apple iCloud accounts of various Hollywood celebrities, the number of government agencies and private sector corporations moving to the cloud continues to grow.

Even after the NSA surveillance revelations of the past few years, the CIA's decision to make a big bet on cloud services ironically comes at a time when many corporate executives and end users are apprehensive about the government's role in violating their privacy.

What makes this continued migration to the cloud particularly interesting is that it is about more than just trying to save money.

In fact, 33.21% of those participating in Lieberman Software's 2014 Cloud Security Survey said government snooping deters them from keeping data in the cloud, and 79.64% of survey respondents choose to keep their sensitive data on their organization's network rather than in the cloud. Yet, that's still better than the 86% who, in 2012, said they preferred to keep sensitive data on their own network.

The RightScale 2014 State of the Cloud Survey found higher adoption rates with 94% of organizations surveyed reporting they are running applications or experimenting with infrastructure-as-a-service alternatives, and 87% of organizations are using public cloud. It also found approximately three-quarters (74 %) of the enterprises surveyed have a hybrid cloud strategy, and over half are using both public and private cloud services. These figures may be somewhat distorted because of RightScale's cloud-centric focus, but it still indicates that many corporate and government decision-makers are not letting lingering security questions get in the way of their cloud initiatives.

What makes this continued migration to the cloud particularly interesting is that it is about more than just trying to save money.

The CIO of the CIA, Doug Wolfe, said at a public event in Washington, D.C., in June that the security agency's move to the cloud is partially aimed at encouraging greater agility to respond to a world that is facing growing uncertainty. "I am determined that we will not only have the innovation on how do we spin up the servers ... but we're going to start to bring the innovation from the commercial sector, in terms of applications, to the mission space as well," Wolfe said, according to the Financial Times.

And while some IT managers are concerned about losing control by moving to the cloud, Wolfe believes working with Amazon Web Services (AWS) can give his agency a better handle on its operating costs. The Washington Post reported he stated, "If you're a government customer who has been used to just ordering up however much IT you want, and over-ordering typically, which people do -- they often order for their peak need -- [then] you're going to start getting a bill." According to The Washington Post, he went on to say, "You're going to start seeing exactly what your consumption cost, and start understanding exactly how server storage processing, et cetera, was applied to the problem. So we see this as a tremendous opportunity to sharpen our focus and be very efficient."

The CIA's decision to procure services from the AWS cloud goes beyond a simple acquisition of "off-the-shelf" capabilities. Instead, the agency is working with AWS to develop highly specialized services that can meet its particularly high standards. In fact, the CIA will serve as the conduit of AWS's new offering to 17 other intelligence agencies.

"The goal was, 'Can we act like a large enterprise in the corporate world and buy the thing that we don't have? Can we catch up to the commercial cycle? Anybody can build a data center, but could we purchase something more?' We decided we needed to buy innovation," a former intelligence official said in an article in The Atlantic.

Obviously, not every enterprise has the same purchasing power as the CIA or another major government agency and prominent corporation that is willing to spend millions to craft today's cloud services into the right form to meet their special needs. Small- and midsized businesses might feel particularly powerless to dictate specific terms and conditions to make public cloud services more palatable.

However, the beauty of today's cloud services is that the innovations developed for one demanding customer can often be shared by others that have similar requirements. In fact, today's basic cloud services are far more advanced than their predecessors of just a year or so ago.

The rate of innovation because of the amount of competition in the cloud industry is accelerating. THINKstrategies Inc. refers to the current era as a "Cloud Rush" in which the service providers, like AWS, are doing all they can to win market share. This means they are aggressively working with marquee customers, like the CIA, to satisfy its stringent needs. It also means that corporate decision-makers with lingering concerns about cloud security can expect AWS and the other major players to continue to innovate to mitigate these risks.

Dig Deeper on AWS security

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Have the recurring cloud security breaches prevented you from moving to a public cloud like the AWS cloud?