IARPA eyes a cloud for classified workloads
- By Susan Miller
The intelligence community is looking for ways to contain the costs of procuring and maintaining cloud infrastructure that's secure enough for classified/sensitive workloads.
One option under consideration by the Intelligence Advanced Research Projects Activity is called "classified as a service," which aims to make it easier for infrastructure-as-a-service providers to offer public clouds secure enough for such IC use.
To give general-purpose, classified workloads cloud-like scalability and pricing, IARPA is interested in "a classified private enclave encompassing multiple public cloud nodes in multiple locations," a recent IARPA's request for information said. Such an environment would eliminate the security issues related to the IaaS vendor's employees and software stack, which could be vulnerable to side-channel attacks due to shared resources.
The idea for ClaaS, IARPA said, is based on bare metal-as-a-service offerings that give commercial cloud clients exclusive use of a cloud server hardware for preset periods of time. Although MaaS eliminates the possibility of many side-channel attacks, it can still expose customer data to the risk of exfiltration.
IARPA is considering developing new technologies that would give public cloud operators a way to provide secure, classified, general-purpose processing to the government by replicating the properties of current air-gapped private enclaves within the public cloud for finite periods of time.
The intelligence research agency wants to hear from large U.S.-owned IaaS providers about working with IARPA and its academic and commercial partners in developing technologies and techniques that might eventually lead to ClaaS offerings. Vendors are asked to briefly describe how ClaaS might work, its expected performance and critical technical issues/obstacles and how they might be addressed.
Responses are due July 28. Read the RFI here.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA from West Chester University and an MA in English from the University of Delaware.
Connect with Susan at firstname.lastname@example.org or @sjaymiller.