CIA's Cloud is 'Pretty Close' to Invincible, CIO Says
The agency wants to operate more like commercial companies, not the government, CIA CIO John Edwards said.
For the CIA, going commercial never felt so good.
John Edwards, who became the spy agency's top tech executive last year amid the intelligence community’s seismic shift to cloud computing, said striking a deal with Amazon Web Services was the “best decision we ever made.”
Speaking Wednesday at the AWS Public Sector Summit in Washington, D.C., Edwards gave a glimpse at unclassified advancements in how the 17 agencies of the intelligence community use the C2S cloud. Broadly, he said cloud computing at the CIA has led to improved security, upped mission impact and avoided costs with maintaining decades-old legacy systems.
“We want to be like commercial companies, not the government,” Edwards said. “[Cloud] is the most innovative thing we’ve done, and it’s having a material impact on the CIA and IC.”
Cloud adoption among agencies, he said, has increased more than 200 percent year over year, which means the cultural resistance to cloud computing is eroding. The IC has also upped its compute 1,400 percent in three years, one AWS official said. And a DevOps Factory through C2S now boasts more than 4,000 developers, allowing for “higher-quality, more consistent code” at higher velocity, Edwards said.
And perhaps AWS' most important service, the classified Marketplace launched last April, now has over 100 applications analysts and developers can try out and—if they meet mission needs—use for as long as they wish. The IC Marketplace is essentially the classified version of AWS’ commercial marketplace, and a mechanism whereby IC users can play with properly vetted services and quickly apply them to mission without lengthy acquisition cycles, Edwards said.
Seventy more applications are in the pipeline, and Edwards said the service is clearly disrupting the status quo.
“In the past, if we wanted to bring a new application into the agency, we’d do a market survey and acquisition process. If it didn’t work, we’d start the process over,” said Edwards, adding acquisitions could often take months or years.
“Now, we can download an app in minutes and try it against our data sets,” he said.
If it works, we can “lease it for as long as we want. If it doesn’t, we blow up that instance and download something else,” Edwards added.
It’s also extremely secure, Edwards said. AWS technically operates and maintains the C2S region for the IC on the CIA’s premise, but the cloud itself is not connected to the internet. The CIA and AWS have partnered to create additional security overlays in addition to the air gap and three geographically dispersed zones of availability.
“I’m never going to say anything you do in the cyber world is totally invincible, but this is pretty close,” Edwards said. “We took a hardened cloud on the outside, dropped it behind our guards, gates and guns. I would argue and say this is the most secure thing out there. It’s a game-changer for us, I don’t think anything out there is any more protected.”