Is cloud more secure than traditional government data centers? The CIA seems to think so.
Federal officials have for years cited cybersecurity as one of their top concerns when moving to the cloud, but a top tech official at the CIA said the technology is better equipped than any legacy system to house the country’s most valuable secrets.
“Security is an absolutely existential need for everything we do at the agency—the cloud on its weakest day is more secure than a client service solution,” said Sean Roche, associate deputy director at the CIA’s Digital Innovation Directorate. “Encryption runs seamlessly on multiple levels. It’s been nothing short of transformational.”
Four years ago, the CIA inked a $600 million contract with AWS to provide the intelligence community with commercial cloud services. Called C2S, the cloud serves the CIA and 16 other IC agencies, hosting secret and top secret classified information.
Speaking Wednesday at the Amazon Web Services Public Sector Summit, Roche presented cloud services as a streamlined, user-friendly alternative to the “cacophony” of legacy systems today’s IT specialists are “desperately” trying to upgrade at organizations across government.
Retrofitting often decades-old tech with new security software leaves agencies constantly behind on defending against the latest digital threats, especially when groups don’t always understand how those systems are configured, according to Roche.
Federal officials have said government won’t fully maximize the benefits of the cloud until it focuses more on the opportunities it can provide than worrying about cybersecurity, and indeed many agencies with particularly sensitive information have begun to overcome these fears. The National Security Agency is moving all of its mission data to a classified cloud environment, and the Pentagon is planning to use it’s long-awaited JEDI cloud to hold data as sensitive as nuclear secrets.
But security benefits go beyond the cloud’s robust architecture, he said. Going to the cloud also gives access to more software-as-a-service solutions, bypassing the traditional acquisition process that can leave agencies waiting months or years to get their hands on innovative tech.
The current acquisition process “crushes souls,” said Roche. “It takes too much time. Commercial and private companies doing no business with the government have to have an on-ramp in.”
Through the cloud, agencies can vet new tools and have them up and running in the field in a matter of months, he said. Groups can also easily update that software as new versions come out. AWS introduced a classified version of its Marketplace feature to the C2S cloud, which gives the CIA and other IC agencies the ability to spin up software in the cloud and test it out before buying. Officials say this gives the IC the ability to make use of innovative software solutions they might not otherwise have access to through government’s traditional acquisition processes.
Though this accelerated processes could benefit every agency, it’s made a particular impact on CIA, where speed is often of the essence, Roche added.
“The age of expeditionary intelligence means going [to] very, very unfriendly places, very quickly to solve very tough problems,” he said. “We can leverage the worldwide workforce with no latency, dragging down huge files, doing analysis and [getting] answer[s]. That’s what the cloud does for us.”