INSA Report: Cloud Computing: Risks, Benefits, and Mission Enhancement for the Intelligence Community

On 13 march 2012, the Intelligence and National Security Alliance (INSA) released a report culminating a years worth of interviews and continuing dialog with

On 13 march 2012, the Intelligence and National Security Alliance (INSA) released a report culminating a years worth of interviews and continuing dialog with industry, academia and government on the mission needs and benefits of new approaches to Information Technology implementation in support of national security missions.  The report, titled “Cloud Computing: Risks, Benefits, and Mission Enhancement for the Intelligence Community” was highlighted at a special roll-out at the National Press Club. The roll-out included a panel discussion between myself and two friends, Terry Roberts and Jim Heath, focused on the use of modern IT in the service of real missions.

I was INSA’s lead on the study that lead to this document, so I had the honor of working with a large team of volunteers from government, industry and academia during its production. On a personal note this was a very rewarding experience as it forced me to forget my introverted ways and get out and meet new people and it turned out to be quite an education. And on a professional note, the dedication of those who volunteered to interview thought leaders from industry and academia and government really impressed me and proved to me once again that the greatest strengths in our national security are our people.

Other than that, the most important take-aways from our study, in my opinion:

• The years of work in fielding real cloud-based capabilities are paying off for national security missions
• One of the greatest capabilities enhanced through these approaches is mission agility
• IC leaders, even those who are non-technical, understand that this approach can have significant positive impacts on business models and how the mission is accomplished
• Security enhancements discovered and fielded from IC research can benefit the broader community
• The use of Cloud Computing constructs is enabling the very smart application of resources in the community. It is also enabling many of the current “Big Data” capabilities in the community and is now leading to new constructs on how to deal with industry on topics like how to license software and provide metered services.

Other key lessons from the paper include:

1. decision makers in the IC are appropriately
focusing on the business model implications of
cloud computing. cloud computing is not just a new
technology, but a significant shift in the consumption
of It resources and allocation of It funding.

2. Within the IC, the decision to adopt a cloud model
is focused on mission enablement and must be
determined on a case-by-case basis. the evaluation
of cost savings must bear in mind costs over the
complete lifecycle, rather than a periodic budget
cycle.

3. Information security can be enhanced through a
cloud computing approach, but only when it is built
into the model’s design. If security is not part of the
design, cloud computing architectures dramatically
increase risk.

4. the type of cloud deployment model adopted will be
determined by the sensitivity of data hosted.

5. those looking to migrate to the cloud must consider
impacts on organizational culture.

6. Improvements to how agencies acquire services,
software, and hardware are strongly desired by most
personnel involved in the implementation of cloud
computing, and many believe that the adoption of a
cloud solution may catalyze these changes.

7. as standards for cloud computing emerge, thoughtful
federal input can contribute to greater security and
cost efficiencies. any organization contemplating
adopting a cloud architecture, including those within
the Ic, should include the ability to support multiple
standards.

8. lessons learned from the It industry, the private sector,
and academia must inform Ic decision making.
Sharing lessons learned is essential to reducing risk

You can download and read the full report at INSA.