IBM Calls Amazon Unprepared to Secure Intelligence Data

Against the backdrop of a $150 million lawsuit over a contract to build a secure computer cloud for the U.S. intelligence community, an IBM executive swiped at competitor Amazon last week, calling the company’s cloud services unreliable and not up to government standards.

“Amazon's definition of reliability doesn't measure up to what the federal government needs for mission critical workloads,” Andrew Maner, managing partner of IBM’s federal cloud business, told Nextgov.

Amazon is suing the government in an effort to claw back a contract it initially won to provide cloud computing services to the CIA and other intelligence agencies. The CIA later canceled and re-bid that contract after IBM complained to the Government Accountability Office.

GAO found the CIA gave Amazon an unfair advantage because it agreed to modify some terms of the contract after it had already been awarded. Notably, the agency agreed to weaken a requirement that all software in its cloud be verifiably free from computer viruses that might let unauthorized people see intelligence data. Amazon asked that it only be required to vouch for software it had built itself, not for third-party and open-source software.

Amazon contends in its lawsuit that the contract was properly awarded and that the CIA overlooked significant flaws in IBM’s bid in order to comply with the GAO ruling. GAO rulings on bid protests aren’t binding but agencies often follow them.

IBM is an intervening party in the lawsuit, which means it can file motions in the case and view sealed motions filed by Amazon. Most documents in the case record are either sealed or redacted to protect trade secrets.

Maner declined to discuss the lawsuit directly in his interview with Nextgov other than to say IBM stands behind its protest to the GAO.

“We don’t normally take that approach,” he said of filing the protest. “But with something this important and the entire company behind us it was the right thing to do. We’re talking about mission critical applications and we don’t take those things lightly.”

Maner criticized Amazon, saying the company was not secure enough to store sensitive government information and that its level of service isn’t up to government standards.

“Amazon’s whole business is built on a self-service model, but government agencies require more than a do-it-yourself mentality to be at the core of their work with mission critical projects,” Maner said.

He also argued that “Amazon is scrambling to find talent to fill major gaps in [its] ability to deliver.”

A spokeswoman for Amazon’s cloud division, Amazon Web Services, responded in an email that the company “has a large, dedicated public sector team . . . that serves the needs of more than 600 government agencies and 2,400 education institutions currently using AWS services.”

The spokeswoman added: “AWS works closely with government organizations to implement mission-critical applications on the AWS cloud to significantly reduce costs and achieve benefits like increased scalability, flexibility, security and agility.”

In the first round of cloud solicitations, Amazon’s bid came in at $148 million and was rated low-risk by the CIA, according to a redacted version of Amazon’s lawsuit. The IBM proposal came in at $94 million and was graded high risk by the CIA, the lawsuit states.

In the suit, Amazon describes IBM as a “late entrant to the cloud computing market” and calls its price advantage “a mirage.”

Computer clouds can generally store larger amounts of information more cheaply than traditional data centers and are better at giving customers remote access to those data and programs.

Amazon has become one of the largest cloud providers for the federal government, mostly focused on non-sensitive data such as website content. Its customers include the Treasury, Energy and State departments. IBM has a longer history securing sensitive government information, including for the U.S. military.

The proposed CIA cloud would be available to the entire intelligence community. National Security Agency Director Keith Alexander told an audience in 2011 that cloud computing could save the NSA 30 percent or more of its IT budget. NSA is one of the government’s largest gatherers of digital intelligence, including through a number of controversial programs exposed by former contractor Edward Snowden.
