CIA moves IT to the cloud
The Department of Homeland Security (DHS) made a similar move last year
In what may be the ultimate confirmation of perceived reliability, the Central Intelligence Agency (CIA) recently announced they would be moving their data and much of their operating software into “the cloud.” Specifically, they have contracted with Amazon Web Services (AWS) to host much of the CIA’s information technology activity. The Department of Homeland Security (DHS) made a similar move last year.
Mission-critical operations are usually among the last to adopt new technologies, preferring to wait until the bugs are worked out and their utility is proven before betting the ranch on a new gadget’s performance.
The federal government is especially reticent to buy new consumer technology, which is ironic when you consider that the Department of Defense regularly contracts to buy aircraft, vehicles and ships that haven’t been invented yet. Often, these new designs have numerous flaws that keep them from going operational for years, and usually cost millions or billions more to perfect and manufacture.
In the roughly 35 years we have had personal computers in the workplace, both private and public sector organizations have traditionally purchased both hardware and software outright. The IT industry moves so fast that the new gear seems outdated within a year or three, although it typically performs about as well on day 1,000 as it did on day one.
When we’re running Windows 7 and saving files to massive solid state hard drives and peanut-size flash drives at home, it’s a letdown to go to work and use a computer running Windows 95, pulling files off of floppy disks. Don’t laugh, I personally know of a medical office which was doing exactly that until last year.
The practice of having both software and data in the cloud, on a remote server, is sometimes called Software-as-a-Service (SaaS).
Maintaining relatively low-powered (and inexpensive) thin client terminals at the work site, the applications and data are called down from the cloud as needed. The outfit hosting SaaS is responsible for keeping everything running, from tending and powering the physical computers to constantly tweaking and upgrading the software to provide maximum efficiency.
For an operation like the CIA, SaaS has result in significant savings. Much of their role is in data collection and archiving, but the analysis function occasionally demands some high-powered computing resources. By paying for these resources only when it needs them, the agency saves the cost of buying high-end computing equipment that may sit idle most of the time, can occasionally be unavailable because of higher-priority needs, and will be obsolete in a few years.
AWS offers computing services that are similar to hotel rooms. If you travel to another city frequently, you could buy a house to stay in while you’re there, but the house will be vacant most of the time.
Instead, you rent a hotel room to use when you need it, and let the hotel take care of it both when you need it and when you don’t. The hotel tries to maximize its revenue by keeping that room occupied as much as possible, and there is a delicate balance between having rooms available when anyone wants one and having too much excess inventory that’s not making money.
AWS does the same thing with computers. Both private and public companies occasionally need some major processing power, and AWS will sell it to them when they need it. Similarly, they build data storage centers in geographically separate locations, so it’s unlikely a single disaster will take down much of the system at once.
That doesn’t mean it never happens. AWS hosts much of Netflix’s streaming video collection, which can account for one-third of all North American internet traffic at peak use hours.
Last Christmas Eve, folks who wanted to put on Santa Claus Conquers the Martians for the rug rats were disappointed when the entire Netflix streaming network crashed.
Don’t blame Netflix. The problem was attributed to a human error by an Amazon employee.
Is AWS reliable enough to handle national security? Even with the occasional failure, it’s probably more reliable — and considerably cheaper — than a single-source data storehouse operated by the government. I have to hope that people smarter than me and who are knowledgeable about encryption systems have been heard on the security of this enterprise. If it is robust enough for the DHS and CIA, it’s going to be good enough for state and local law enforcement as well.