It would not be a surprise to learn that the NSA's private cloud resides within secure government facilities. Anderson says, "It saves space by combining and consolidating multiple independent services and systems. In addition, we take advantage of the economies of scale from commodity hardware and the continuous improvements by commercial markets to save space, power, and cooling; the same efficiencies used by the commercial public cloud services."
Keeping the data secure
In the wake of WikiLeaks and the Snowden leaks, it's important to understand what is being stored and how it's being managed. More to the point, how can it be checked for legality?
Anderson says the NSA cloud does contain data the agency acquires and uses for its missions. He adds, "How we gather and use data is actually governed by strict legal authorities and subject to very rigorous oversight. That's important to note because the NSA's cloud architecture and data management structure greatly improves our ability to organize and analyze data and produce quality intelligence, but also makes it easier for us to track and enforce compliance with our legal responsibilities to protect privacy and civil liberties -- something we have always taken very seriously. Also, aside from mission functions, the cloud is equally suited to enable improvements in other administrative and management functions for the agency."
His point about compliance is especially important now, after the scrutiny of the past year. It is also a lesson for the private sector, where many companies have run into trouble by losing control of confidential information.
Due to the nature of the mission, the cloud components reside across a distributed architecture in multiple geographic areas. "We can't discuss it all in detail," the CIO says. "But we do utilize a variety of security protocols at every layer of the architecture, as well as a robust encryption strategy. The NSA cloud brings together multiple data sets and protects each piece of data through security and enforcement of the authorities that specify its use. We do this by marking each individual piece of data with a set of tags that dictate its security protections and usage. In addition to data markings, security is applied throughout the architecture at multiple layers to protect data, systems, and usage."
The agency's ability to track what happens to a piece of data is, as he explains, "all about tagging and provenance of both data and people. Our team has developed a way to tag data at the cell level and, accordingly, through PKI certificates, every person. For the file, it means being able to track what happens to it as long as it is in the system. For a person, it means more than what you do with a file, it also means what you are authorized to see."
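The cell-level tagging and per-person authorization described above, as an added Python example that is not from the article or the agency: each cell carries its own tags, a reader is identified by a certificate subject, and every access decision is appended to a provenance trail. The tag names, subjects, the `Store` class and the subject-to-tag mapping are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cell:
    row: str
    column: str
    value: str
    # Tag groups: a reader must hold every tag in at least one group.
    # An empty label matches nobody, so untagged data fails closed.
    label: tuple = ()

@dataclass
class Store:
    cells: list
    grants: dict  # certificate subject -> tags held (constructed mapping)
    provenance: list = field(default_factory=list)

    def _allowed(self, subject, cell):
        held = self.grants.get(subject, frozenset())
        return any(group <= held for group in cell.label)

    def read_row(self, subject, row, purpose):
        """Return the cells of `row` visible to `subject`; log every decision."""
        visible = {}
        for cell in self.cells:
            if cell.row != row:
                continue
            ok = self._allowed(subject, cell)
            verdict = "ALLOW" if ok else "DENY"
            self.provenance.append((subject, row, cell.column, purpose, verdict))
            if ok:
                visible[cell.column] = cell.value
        return visible

    def history(self, row, column):
        """Provenance trail for one cell: who touched it, why, and the outcome."""
        return [e for e in self.provenance if e[1:3] == (row, column)]

def label(*groups):
    return tuple(frozenset(g) for g in groups)

def build_store():
    # Constructed sample data; tag names and subjects are illustrative.
    cells = [
        Cell("rec1", "name", "example", label({"ADMIN"}, {"ANALYST"})),
        Cell("rec1", "source", "feed-a", label({"ANALYST", "SRC_A"})),
        Cell("rec1", "hr_note", "n/a", label({"ADMIN", "HR"})),
    ]
    grants = {"CN=analyst1": frozenset({"ANALYST", "SRC_A"}),
              "CN=admin1": frozenset({"ADMIN"})}
    return Store(cells, grants)
```

Two readers asking for the same row get different views of it, and denied attempts are recorded alongside allowed ones, so the trail for a cell shows who tried to read it as well as who did.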