John Pientka

SPIES LIKE US ALL AGREE: “CLOUD HAS BEEN A GODSEND”

“Cloud has been a godsend for folks trying to implement systems quickly and for us to secure workloads better,” said CIA Chief Information Security Officer Sherrill Nicely at a recent conference. Surprised that our spies – ahem, the US intelligence community (IC) – use cloud? What about security? Who built it and runs it? The story behind it, and its rapid and successful deployment, has a lot of lessons for all of us.

Yes, the CIA is a special place and yes, they do have very special security needs. But, if we think about it, they process vast amounts of information and they need to be agile and flexible to respond to evolving threats and situations. The cloud provides that agility and flexibility plus a virtually unlimited sea of capacity. How do you take advantage of that and still meet those special security needs? The answer was to build a “community cloud” that not only the CIA could use but the whole IC of 17 agencies.

Here is one of the best definitions from the National Institute of Standards:

A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. This is controlled and used by a group of organizations that have shared interest.

Sure sounds like this is just what the spooks would want. How they went about getting it was both straightforward and a bit industry shattering. Like most government agencies, the CIA ran a procurement. Now, Federal procurements are much like a Kabuki dance, with very specific steps and regulations that must be followed to the letter. It does not necessarily land up with the government buying the best tech but instead often just selecting the vendor who knows the process the best. Can you say: HealthCare.com?

Nonetheless, the ball got rolling in 2012 and true to the process Microsoft and AT&T protested the CIA’s request-for-proposal specifications in mid-2012, forcing the CIA to pull the procurement and rework it. AWS (Amazon Web Services) then won the contract in early 2013, only to have the process slowed again by protests and legal proceedings from the then only other bidder, IBM.

IBM was and is a big government contractor. AWS at the time was not so much. The odds were that IBM would take this candy away from baby AWS. At first, that’s what certainly seemed to play out when the GAO – first stop in the protest process – declared for IBM. But AWS did not take it lying down and sued in federal court – the next step. To everyone’s surprise, the judge not only gave AWS the contract award but also slammed IBM for some sketchy proposal tactics. This was an industry moment of truth. Mighty Big Blue was not only defeated but all agreed the Amazon solution was better and IBM had tried to cheat to beat it!

AWS got the green light to start work in late 2013 and by early 2015 – less than 18 months – it was up and operational. Then AWS took it a step further with the CIA’s blessing. In the commercial world, AWS operates the AWS Marketplace. The AWS Marketplace was launched in 2012 to accommodate and foster the growth of AWS services from third-party providers that have built their own solutions on top of the Amazon Web Services platform. It provides a one-stop shop to get all kinds of applications and services.

AWS said, why not do the same thing for the intelligence community? It launched the IC Marketplace, allowing spy agencies – led by the CIA – to evaluate and buy common software, developer tools and other products that meet stringent security standards. This really shakes up the usual Federal software procurement process and enables even more of the flexibility and agility that were the original goals. Once your offering has been vetted for the Marketplace, any properly cleared shop can try and buy.

Pretty nifty, eh? When was the last time you thought of your IT as a godsend?

Originally published August 18th, 2016

By John Pientka

John is currently the principal of Pientka and Associates which specializes in IT and Cloud Computing.

Over the years John has been vice president at CGI Federal, where he led their cloud computing division. He founded and served as CEO of GigEpath, which provided communication solutions to major corporations. He has also served as president of British Telecom’s outsourcing arm Syncordia, and as vice president and general manager of a division at Motorola.

John has earned his M.B.A. from Harvard University as well as a bachelor’s degree from the State University in Buffalo, New York.
