The CIA's Cloud Contract Is Worth Billions

Uploaded on 2019-04-23 in INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

After six years in a classified commercial cloud built by Amazon Web Services, the CIA wants more commercial cloud capabilities from potentially multiple companies. 

The agency is in the early stages of planning a contract for commercial cloud computing services that will be worth “tens of billions” of dollars, according to contracting documents presented to select tech companies by the CIA in late March and first reported by Nextgov.

Dubbed the Commercial Cloud Enterprise, or C2E, the two-phase initiative will “expand and enhance” the commercial cloud capabilities it first contracted for with Amazon Web Services in 2013.

That contract, called C2S and valued at up to $600 million over 10 years, provided commercial cloud capabilities such as data storage, computing and analytics to the CIA and its 16 sister agencies within the intelligence community. 

“Since that time, cloud computing has proven transformational for the IC–increasing the speed at which new applications can be developed to support mission and improving the functionality and security of those applications,” the CIA contracting documents state.

Whereas C2S has been managed by a single company, the CIA expects to “acquire foundational cloud services” from multiple vendors in phase one of C2E, which is good news for companies like IBM, Microsoft, Google and others expected to compete for the contract.

The initiative’s second phase also opens up competition with a stated goal to “acquire through multiple vehicles” cloud management capabilities and specialised platform- and software-as-a-service offerings.  To be considered for the contract, cloud service providers must have a commercial presence and must meet rigid government requirements to host secret and top secret classified information. AWS is currently the only commercial cloud provider cleared to host all levels of classified data.

AWS established a foothold in the national security space through C2S. Over the years, it has introduced new services and earned plaudits from the CIA’s top tech officials for being more secure than the agency’s own data repositories. Most recently, Andrew Hallman, deputy director for innovation at the CIA, praised the department’s previous cloud efforts and said its future plans will focus on fusing various cloud architectures together.

“The important thing is to look at what the future of cloud looks like, hybrid cloud architectures, multi-cloud architectures, and that, for us, the very important thing is making really wise decisions about how those architectures work together.”

Meanwhile, cloud computing’s import across government continues to expand, with federal agencies collectively expected to spend $2 billion on the technology in the coming year. AWS has been favored to win the largest cloud contract up for grabs, the Pentagon’s multibillion Joint Enterprise Defense Infrastructure contract.

According to a proposed acquisition timeline accompanying the contracting documents, the CIA intends to engage industry regarding contract requirements through next year. The timeline proposes the C2E contract be bid out in May 2020 with an award “no later than July 2021.”

DefenseOne:             Image: Nick Youngson

You Might Also Read: 

The US Pentagon Is  Speeding-Up Its Cloud Strategy:

Where On Earth Is Cloud Data Actually Stored?:

 

 

« A Cyber Attack On Japan Could Bring The USA To War
Ethical Hacker Guilty Of Malware Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

Wizlynx Group

Wizlynx Group

Wizlynx services cover the entire risk management lifecycle from security assessments and compliance to the implementation of security solutions and provision of Managed Security Services.

AKATI Sekurity

AKATI Sekurity

AKATI Sekurity is a security-focused consulting firm providing services specializing in Information Security and Information Forensics.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

NESECO

NESECO

NESECO is an IT security integration and consulting firm providing security products, solutions, support, consulting, and training services.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

Data Priva

Data Priva

Data Priva is the UK's leading subscription-based data protection, governance, risk and and compliance service.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.