About a year ago, my friend Bob Gourley, an influential member of the Intelligence and National Security Alliance (INSA), called me up with an interesting request: “Will you help me out with this whitepaper? It should only take us a few months to get it done.”
Gourley had been asked to put together a whitepaper to address cloud computing for the Intelligence Community (IC). To be honest, many of my IC friends had long ago relegated cloud computing as nothing more than marketing hype. You can clearly imagine my surprise with this interest from one of the premier national security industry organizations!
Needless to say I jumped on this opportunity fast!!
Fast forward to last week, a year into our three month task. I shake Bob’s hand as we look over a standing room only crowd at the National Press Club where a who’s who of the IC has gathered for the INSA Cloud Computing Task Force whitepaper launch and where we presented our findings.
(The promise of savings from cloud computing is shaping into a budget turf war within the the intelligence community, according to those who attended the presentation. Read more here.)
Decision makers in the IC are appropriately focusing on the business model implications of cloud computing. Cloud computing is not just a new technology, but a significant shift in the consumption of IT resources and allocation of IT funding.” – Cloud Computing: Risks, Benefits, and Mission Enhancement for the Intelligence Community
Thinking back, it’s also a year when National Security Agency Director, Gen. Keith Alexander, National Reconaissance Office CIO Jill Singer and the Director of National Intelligence James R. Clapper, among others, have embraced cloud computing as a critical mission enabler. A year during which I have had the pleasure of reading interviews and distilling the advice of over fifty industry and government leaders on how best to leverage the cloud.
Although early on, Bob had claimed that he and I could have completed the paper in a few days, we now both agree, that would have been a great disservice to the industry and country we both love.
Within the IC, the decision to adopt a cloud model is focused on mission enablement and must be determined on a case-by-case basis. The evaluation of cost savings must bear in mind cost over the complete lifecycle, rather than a periodic budget cycle.” – Cloud Computing: Risks, Benefits, and Mission Enhancement for the Intelligence Community
My regular readers are well aware of my cloud computing passion. For over three years, I have literally written volumes on this subject. Some have even referred to me as an expert in this area. Now, however, I am free to admit that during the last twelve months, I’ve been taken back to school.
While certainly, the national economic crisis played a significant role in the accelerating cloud adoption, enhancements to mission accomplishment that cloud computing technologies and techniques have enabled are mind boggling.
Literally years before I started focusing on this, many in the IC were already dreaming about the possibilities. Just one example was when In-Q-Tel sold 5,636 shares of Google Inc., worth over $2.2 million, on Nov 15, 2005. The stocks were a result of Google’s acquisition of Keyhole, the CIA funded satellite mapping software now known as Google Earth.
Based on nearly 50 interviews, though, we found a number of conclusions that are timely not only for those who follow the IC world, but who are monitoring government as wel. Among them:
1. Decision makers in the IC are appropriately focusing on the business model implications of cloud computing. Cloud computing is not just a new technology, but a significant shift in the consumption of IT resources and allocation of IT funding.
2. Within the IC, the decision to adopt a cloud model is focused on mission enablement and must be determined on a case-by-case basis. The evaluation of cost savings must bear in mind costs over the complete lifecycle, rather than a periodic budget cycle.
3. Information security can be enhanced through a cloud computing approach, but only when it is built into the model’s design. If security is not part of the design, cloud computing architectures dramatically increase risk.
4. The type of cloud deployment model adopted will be determined by the sensitivity of data hosted.
5. Those looking to migrate to the cloud must consider impacts on organizational culture.
6. Improvements to how agencies acquire services, software, and hardware are strongly desired by most personnel involved in the implementation of cloud computing, and many believe that the adoption of a cloud solution may catalyze these changes.
7. As standards for cloud computing emerge, thoughtful federal input can contribute to greater security and cost efficiencies. Any organization contemplating adopting a cloud architecture, including those within the IC, should include the ability to support multiple standards.
8. Lessons learned from the IT industry, the private sector, and academia must inform IC decision making. Sharing lessons learned is essential to reducing risk.
I would like to personally thank the members of the INSA Cloud Computing Task Force for their focus, effort and valuable contributions over the past year; the industry and government interviewees who were very gracious with their time, insight and patience; and of course, Bob Gourley for giving me the opportunity to support him on this important worthwhile effort.
The full report: “Cloud Computing: Risks, Benefits, and Mission Enhancement for the Intelligence Community” is available for download here.
Kevin L. Jackson is vice president and general manager, cloud services, at NJVC, LLC, and founder and author of “Cloud Musings.” In 2011, he was named a “Cyber Security Visionary” by U.S. Black Engineer and Information Technology magazine. His first book, “GovCloud: Cloud Computing for the Business of Government” was released in March 2011.