Risk
8/29/2012
12:25 PM
Connect Directly
RSS
E-Mail
50%
50%

U.S. Intelligence Agencies Seek A Private Cloud OS

CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
In-Q-Tel, the investment arm of the CIA, has partnered with cloud management specialist Adaptive Computing to develop a "cloud operating system" for use by U.S. intelligence agencies.

Adaptive will integrate its Moab cloud management suite with an unspecified open source cloud platform--potentially OpenStack, CloudStack, or another alternative--to create the cloud OS.

Adaptive's Moab Cloud Suite provides service provisioning, service catalogs, and policy management in cloud environments. The company holds patents in areas such as multi-tier applications, time-based policy enforcement, and hybrid and multi-tenant clouds.

In a written announcement on the partnership, Robert Ames, senior VP of In-Q-Tel's information and communication technologies practice, cited Adaptive's experience in cloud management software and its development capabilities in deciding to work with the company. The company's customers include the National Security Agency, national laboratories, the National Oceanic and Atmospheric Administration, and the U.S. military.

[ The feds are embracing new technologies to prepare for the digital age. Read DARPA Seeks 'Plan X' Cyber Warfare Tools. ]

U.S. director of national intelligence James Clapper said at an industry conference last year that the Intelligence Community (comprised of 17 federal agencies and departments) would be moving to the cloud model as a way of meeting budget reductions. Given the security requirements of intelligence agencies, private clouds may be the preferred way of doing that.

CIA CTO Gus Hunt, speaking at InformationWeek's GovCloud conference last year, said cloud computing, because if its virtual, dynamic nature, could potentially be more secure than traditional IT approaches. "I've created a world in which my workloads are constantly fresh and clean, and I have created a shell game by turning myself into a polymorphic attack service," he said. (InformationWeek Government's GovCloud 2012 conference will be held Oct. 17 in Washington, D.C)

The non-profit Intelligence and National Security Alliance earlier this year released a white paper that identified issues around cloud adoption, including security and the suitability of various cloud environments (public, private, or hybrid). At the same time, the INSA concluded that agencies stand to benefit from an increased ability to share and analyze large quantities of data.

Adaptive Computing, previously known as Cluster Resources, has a background in managing high-performance computing clusters, which it is applying to the supervision of x86 servers in private clouds. The company's Moab technology employs a multi-dimensional "intelligence engine" to the management and allocation of IT resources.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

CVE-2014-4449
Published: 2014-10-22
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4450
Published: 2014-10-22
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.