U.S. Department of Defense considers giving private Cloud vendors access to top secret data
Tue 7 Oct 2014
The U.S. government is reviewing two possible scenarios whereby private cloud suppliers and facilitators would receive access to Level 5 and 6 information workloads – the most sensitive of government data.
A newly published Request For Information document reveals that the U.S. Department of Defense [DoD] is particularly interested in collaborating with the private sector on block storage systems and virtual machine management.
In the first scenario, a Data Centre Leasing Model (DCLM), cloud vendors would lease rack space in data centres run by the DoD, and provide services entirely from within that secure facility.
The alternative would be an On-Premise Container Model (OPCM), wherein pre-fabricated data centre equipment modules would sit adjacent to DoD data centres and be supplied with the connectivity and resources to connect and interact with the main infrastructure.
“DISA is exploring several possible ways to integrate commercial cloud services with DoD networks,” according to the RFI, a standard business disclosure intended to help evaluate the capabilities of suppliers. “These models are being considered as possible alternatives in providing cloud ecosystems and services to the DoD community.”
The DoD anticipates that the infrastructure will range across configurations featuring between 10,000 and 200,000 virtual machines. Any vendors selected for the scheme would be subject to an accreditation process and to security screening. The DoD is employing the Federal Risk and Authorization Management Program (FedRAMP) to establish screening procedures for authorised cloud vendors, and to generate procedures for continuous monitoring and auditing.
John Pescatore, a former Gartner analyst and security researcher at the SANS Institute, comments: “Think of an infrastructure-as-a-service application where Amazon has a FedRAMP certification and some agency is running their software on that infrastructure. That’s not something that IGs are used to auditing. So they are very conservative.”
The CIA spent several years developing a $600mn secure cloud computing arrangement with Amazon Web Services. According to leaked documents made available via Edward Snowden, the U.S. government’s IT spend in 2013 was $8bn, and the tension between savings and security continues to force a reluctant government IT sector to consider mainstream solutions in a climate of paranoia about online security.