The Convergence of Cloud Computing and Cyber Security
Published: August 14, 2013
With the DoD turning to an analytics cloud for cyber security capabilities and the Department of Homeland Security and General Services Administration putting a cloud based continuous monitoring contract into place, the use of cloud computing to provide information assurance solutions is on the rise. This trend has been in the making for several years and industry should expect it to pick up speed in the years to come.
At the Defense Information Systems Agency’s recent Forecast to Industry event, Mark Orndorff, the head of Program Executive Office Mission Assurance and Network Operations, described DISA’s effort to develop an analytics cloud that will provide the DoD with enterprise cyber security capabilities. Based on a similar cloud-based approach to security used by the National Security Agency, DISA’s analytics cloud will be called ‘Acropolis,’ after the temple to Athena, the Greek goddess of wisdom and war. Once it is complete, Acropolis will provide continuous monitoring, cyber-attack analysis, insider threat analysis, and operations situational awareness for the entire Department of Defense, including the Military Departments and Combatant Commands (COCOMs). Mr. Orndorff’s public statement comes at roughly the same time as the Department of Homeland Security and General Services Administration’s announcement that awards have been made for a $6 billion Continuous Diagnostics and Mitigation, Tools, and Continuous Monitoring-as-a-Service contract that will enable all federal agencies to procure the latest in cyber security technology.
The fact that cyber security and cloud computing are being mentioned in the same breath more and more these days is no coincidence. Federal agencies are finding that they can easily leverage cloud-based solutions to address many of their cyber security requirements; from continuous monitoring and identity verification to digital certificate security. This is a trend that has been developing over the last few years, with the total contract value of awards in this area recently rising to more than $6 billion, thanks to the latest announcement from DHS/GSA.
To get a sense of what kinds of projects have been underway, the following table illustrates as best I’ve been able to determine when and to whom cloud contracts have been awarded for cyber security related requirements.
|CY||Agency||Requirement||Contract #||Vendor||Awd. Value|
|2010||DoD||CyberSense||HR001110C0103||Total Immersion SW||$883K|
|2011||USAF||Advanced Trusted Computing Technologies||FA875011C0075||DMI||$10M|
|2011||DoD||Mission Oriented Resilient Clouds||FA865011C7192||MIT||$4.4M|
|2011||DHS||Homeland Security Information Network (HSIN) SaaS||HSHQDC07J00515||HP Enterprise Services||$3M|
|2011||DHS/SSA||Identity Proofing as a Service||2||Experian||$838K|
|2011||NASA||Application Whitelisting||NNJ11HD25P||Naknan Inc.||$25K|
|2012||DoD||Cloud-Based Web Security System||HE125412F0008||Arrow Electronics||$81K|
|2012||DOE||Digital Certificate Security Services (Public Key Infrastructure)||No Data||No Data||No Data|
|2012||HHS||Symantec Protection Engine for Cloud Services||HHSN27600011||Red River||$8K|
|2012||DOT||Cloud Security Service||DTNH2212F00378||Verizon (Terremark)||$20K|
|2012||VA||On-Demand Alerting and Response||VA25512F1080||Send Word Now||$15K|
|2013||DoD||Symantec NetBackup Services||No Data||Technica||$9M|
|2013||DHS||Continuous Diagnostics and Mitigation, Tools, and Continuous Monitoring as a Service||No Data||Multiple Vendors||$6B|
|2013||VA||On-Demand Alerting and Response||VA25513F0878||Send Word Now||$29K|
|No Data||DoD||Community Data Center and Sensor Operations||No Data||No Data||No Data|
|No Data||DOE||HSPD-12 Processing||No Data||No Data||No Data|
|No Data||EPA||Internet Security Services||No Data||No Data||No Data|
|No Data||GSA||Physical Access Control Systems||No Data||No Data||No Data|
|No Data||DHS||Authentication-as-a-Service||No Data||No Data||No Data|
|No Data||SSA||E-Authentication||No Data||No Data||No Data|
This data reflects the fact that 2011 was the breakout year for cloud computing in the federal and government. Not only did the total value of awarded contracts begin climbing that year, the variety of uses for cloud-based solutions also began to diversify. For example, the use of cloud solutions for cyber security requirements was one of those areas where that growth began to appear. This trend continued to gather speed in 2012 and 2013. As a result, I expect to see a lot more contract awards for cloud-based cyber security solutions in the years to come.