A cloud secure enough for classified workloads
- By Susan Miller
- Jul 12, 2017
Cloud computing may be saving money for many federal agencies, but for the intelligence community the cost of procuring and maintaining private infrastructure secure enough for classified/sensitive workloads is getting increasingly more expensive.
To make it easier for infrastructure-as-a-service providers to offer public clouds secure enough for such workloads, the Intelligence Advanced Research Projects Activity is exploring a concept it calls classified as a service.
According to IARPA's request for information, ClaaS would be "a classified private enclave encompassing multiple public cloud nodes in multiple locations to accommodate general-purpose, classified workloads elastically based on demand." It would eliminate the security issues related to the IaaS vendor's employees and software stack, which could be vulnerable to side-channel attacks due to shared resources.
The idea for ClaaS, IARPA said, is based on bare metal-as-a-service offerings that give commercial cloud clients exclusive use of a cloud server hardware for preset periods of time. Although MaaS eliminates the possibility of many side-channel attacks, it can still expose customer data to the risk of exfiltration.
IARPA is considering developing new technologies that would give public cloud operators a way to provide secure, classified, general-purpose processing to the government by replicating the properties of current air-gapped private enclaves within the public cloud for finite periods of time.
The intelligence research agency wants to hear from large U.S.-owned IaaS providers about working with IARPA and its academic and commercial partners in developing technologies and techniques that might eventually lead to ClaaS offerings. Vendors are asked to briefly describe how ClaaS might work, its expected performance and critical technical issues/obstacles and how they might be addressed.
Responses are due July 28. Read the RFI here.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.