Network World Exclusive: Introducing the NSA Private Cloud

A Gartner report released in October 2013 contrasted the developmental stages of the private and hybrid clouds. The study, “Private Cloud Matures, Hybrid Cloud is Next,” revealed that from 2010 to 2013, the private cloud grew from a technology under consideration by many enterprises to one that had become widely adopted.

Although the hybrid cloud is now experiencing increased popularity, with the same Gartner report predicting that almost half of large enterprises would have hybrid clouds deployed by 2017, the private cloud continues to attract new customers. After all, hybrid clouds typically include a private cloud component (along with a public one), so both models are strong options for organizations that require more robust security and compliance capabilities than is available through a 100% public cloud.

Despite growing emergence of the hybrid cloud, the market for clouds that are purely private is growing at an enormous rate as well, according to a 2014 survey by Technology Business Research. The survey polled more than 2000 tech buyers at enterprises around the world, and its findings suggest the private cloud is going to easily outdo the growth of the public cloud for the next few years. While public cloud had expanded approximately 20% year-over-year in late spring (when the findings were analyzed), the private cloud appeared likely to grow at a 50% clip over the next four years. While TBR noted that the private cloud industry was worth $8 billion in 2010, it had expanded 300% to $32 billion by 2013. Although the technology’s growth rate is slowing, the market will continue to amplify rapidly, attaining $69 billion by 2018.

Private Cloud Adoption by the Pentagon

One major reason that the private cloud has experienced such strong growth is high-profile deployments by organizations with incredibly rigid security concerns. A great example of that is the National Security Agency. In 2011, Microsoft content strategist Rik Fairlie was interested in profiling a big-name US federal government project that was utilizing cloud computing. Fairlie describes his research findings as “all but astonishing” and what he viewed as a tipping point for the cloud market: use of the cloud by the Departments of Defense and Homeland Security.

Specifically, what caught Fairlie’s attention was a March 2011 article in Army Times. The piece reported on statements made by Army Gen. Keith Alexander, head of both the National Security Agency and US Cyber Command, as he argued to a House Armed Services subcommittee that cloud computing was secure enough for the Pentagon: “We are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data.”

NSA Cloud in Action

In a September 29 report on the NSA’s private cloud infrastructure, Network World noted that the move to the cloud occurred because the agency was undergoing a challenge that many enterprise CIOs have experienced: space was getting short for hundreds of disparate databases that ran the gamut from foreign intelligence details to internal administrative data. What was needed was consolidation, and CIO Lonny Anderson proposed to Gen. Alexander that the organization transition to a cloud system.

Dirk A.D. Smith, reporting for Network World, interviewed Anderson at the main NSA facility in Fort Meade, Maryland. Anderson noted that the systemic change by the NSA is the same migratory pattern seen by other US intelligence agencies. When the Department of Defense had to respond in 2011 to what Anderson describes as “‘huge budget cuts,’” several related agencies – the NSA, CIA, National Geospatial Intelligence Agency (NGA), National Reconnaissance Office (NRO), and Defense Intelligence Agency (DIA) – decided that the most reasonable solution was to integrate their systems.

Anderson said that the NSA’s private cloud is “an integrated set of open source and government developed services on commercial hardware that meets the specific operational and security needs of NSA and Intelligence Community (IC) mission partners.” The NSA is essentially using strategies that have been refined in the private sector, including efficiencies optimized by commercial cloud providers and what, in many cases, is identical hardware. Although the hardware is commercial, the bulk of the software is open source, including Apache Hadoop, Apache Accumulo, and OpenStack.

Security in the Age of WikiLeaks

Smith remarked that after the large-scale, embarrassing, and troubling (regardless of political perspective) leaks by WikiLeaks’ Julian Assange and Edward Snowden, the legality of data being stored and managed by the NSA is of grave concern to US citizens. To that concern, Anderson noted that the private cloud  “makes it easier for us to track and enforce compliance with our legal responsibilities to protect privacy and civil liberties – something we have always taken very seriously.”

The NSA cloud integrates various datasets, protecting every individual piece of data with tags to control its usage. This tagging system is core to determining what users are able to see what information: “Our team has developed a way to tag data at the cell level and, accordingly, through PKI certificates, every person.”

Improved Protection with Innovative Software

Anderson noted that the private cloud offers better protection than legacy systems, safeguarding it against theft like the one achieved by US soldier Bradley Manning, who obtained and released classified documents in 2010. Generally, the agency’s migration to a private cloud has helped to minimize the impact of budget cuts and increase the productivity of the NSA’s analysts.

If a private cloud has proven so effective for the National Security Agency, what could it do for your organization? Chat with an expert now.

By Kent Roberts

Image Credit: SlashGear