The Convergence of Cloud Computing and Cyber Security

Published: August 14, 2013

Cloud ComputingCybersecurityDEFENSEDISADHS

With the DoD turning to an analytics cloud for cyber security capabilities and the Department of Homeland Security and General Services Administration putting a cloud based continuous monitoring contract into place, the use of cloud computing to provide information assurance solutions is on the rise. This trend has been in the making for several years and industry should expect it to pick up speed in the years to come.

At the Defense Information Systems Agency’s recent Forecast to Industry event, Mark Orndorff, the head of Program Executive Office Mission Assurance and Network Operations, described DISA’s effort to develop an analytics cloud that will provide the DoD with enterprise cyber security capabilities.  Based on a similar cloud-based approach to security used by the National Security Agency, DISA’s analytics cloud will be called ‘Acropolis,’ after the temple to Athena, the Greek goddess of wisdom and war.  Once it is complete, Acropolis will provide continuous monitoring, cyber-attack analysis, insider threat analysis, and operations situational awareness for the entire Department of Defense, including the Military Departments and Combatant Commands (COCOMs).  Mr. Orndorff’s public statement comes at roughly the same time as the Department of Homeland Security and General Services Administration’s announcement that awards have been made for a $6 billion Continuous Diagnostics and Mitigation, Tools, and Continuous Monitoring-as-a-Service contract that will enable all federal agencies to procure the latest in cyber security technology.

The fact that cyber security and cloud computing are being mentioned in the same breath more and more these days is no coincidence.  Federal agencies are finding that they can easily leverage cloud-based solutions to address many of their cyber security requirements; from continuous monitoring and identity verification to digital certificate security.  This is a trend that has been developing over the last few years, with the total contract value of awards in this area recently rising to more than $6 billion, thanks to the latest announcement from DHS/GSA.

To get a sense of what kinds of projects have been underway, the following table illustrates as best I’ve been able to determine when and to whom cloud contracts have been awarded for cyber security related requirements.

CY Agency Requirement Contract # Vendor Awd. Value
2010 DoD CyberSense HR001110C0103 Total Immersion SW $883K
2011 USAF Advanced Trusted Computing Technologies FA875011C0075 DMI $10M
2011 DoD Mission Oriented Resilient Clouds FA865011C7192 MIT $4.4M
2011 DHS Homeland Security Information Network (HSIN) SaaS HSHQDC07J00515 HP Enterprise Services $3M
2011 DHS/SSA Identity Proofing as a Service 2 Experian $838K
2011 NASA Application Whitelisting NNJ11HD25P Naknan Inc. $25K
2012 DoD Cloud-Based Web Security System HE125412F0008 Arrow Electronics $81K
2012 DOE Digital Certificate Security Services (Public Key Infrastructure) No Data No Data No Data
2012 HHS Symantec Protection Engine for Cloud Services HHSN27600011 Red River $8K
2012 DOT Cloud Security Service DTNH2212F00378 Verizon (Terremark) $20K
2012 VA On-Demand Alerting and Response VA25512F1080 Send Word Now  $15K
2013 DoD Symantec NetBackup Services No Data Technica  $9M
2013 DHS Continuous Diagnostics and Mitigation, Tools, and Continuous Monitoring as a Service No Data Multiple Vendors $6B
2013 VA On-Demand Alerting and Response VA25513F0878 Send Word Now  $29K
No Data DoD Community Data Center and Sensor Operations No Data No Data No Data
No Data DOE HSPD-12 Processing No Data No Data No Data
No Data EPA Internet Security Services No Data No Data No Data
No Data GSA Physical Access Control Systems No Data No Data No Data
No Data DHS Authentication-as-a-Service No Data No Data No Data
No Data SSA E-Authentication No Data No Data No Data

This data reflects the fact that 2011 was the breakout year for cloud computing in the federal and government.  Not only did the total value of awarded contracts begin climbing that year, the variety of uses for cloud-based solutions also began to diversify.  For example, the use of cloud solutions for cyber security requirements was one of those areas where that growth began to appear.  This trend continued to gather speed in 2012 and 2013.  As a result, I expect to see a lot more contract awards for cloud-based cyber security solutions in the years to come.