IBM Calls Amazon Unprepared to Secure Intelligence Data

Against the backdrop of a $150 million lawsuit over a contract to build a secure computer cloud for the U.S. intelligence community, an IBM executive swiped at competitor Amazon last week, calling the company’s  cloud services unreliable and not up to government standards.  

“Amazon's definition of reliability doesn't measure up to what the federal government needs for mission critical workloads,” Andrew Maner, managing partner of IBM’s federal cloud business told Nextgov.

Amazon is suing the government in an effort to claw back a contract it initially won to provide cloud computing services to the CIA and other intelligence agencies. The CIA later canceled and re-bid that contract after IBM complained to the Government Accountability Office.

GAO found the CIA gave Amazon an unfair advantage because it agreed to modify some terms of the contract after it had already been awarded. Notably, the agency agreed to weaken a requirement that all software in its cloud be verifiably free from computer viruses that might let unauthorized people see intelligence data. Amazon asked that it only be required to vouch for software it had built itself, not for third party and open source software.

Amazon contends in its lawsuit that the contract was properly awarded and that the CIA overlooked significant flaws in IBM’s bid in order to comply with the GAO ruling. GAO rulings on bid protests aren’t binding but agencies often follow them.

IBM is an intervening party in the lawsuit, which means it can file motions in the case and view sealed motions filed by Amazon. Most documents in the case record are either sealed or redacted to protect trade secrets.

Maner declined to discuss the lawsuit directly in his interview with Nextgov other than to say IBM stands behind its protest to the GAO.

“We don’t normally take that approach,” he said of filing the protest. “But with something this important and the entire company behind us it was the right thing to do. We’re talking about mission critical applications and we don’t take those things lightly.”

Maner criticized Amazon, saying the company was not secure enough to store sensitive government information and that its level of service isn’t up to government standards.

“Amazon’s whole business is built on a self-service model, but government agencies require more than a do-it-yourself mentality to be at the core of their work with mission critical projects,” Maner said.

He also argued that “Amazon is scrambling to find talent to fill major gaps in [its] ability to deliver.”

A spokeswoman for Amazon’s cloud division, Amazon Web Services, responded in an email that the company “has a large, dedicated public sector team . . . that serves the needs of more than 600 government agencies and 2,400 education institutions currently using AWS services.”

The spokeswoman added: “AWS works closely with government organizations to implement mission-critical applications on the AWS cloud to significantly reduce costs and achieve benefits like increased scalability, flexibility, security and agility.”

In the first round of cloud solicitations, Amazon’s bid came in at $148 million and was rated low-risk by the CIA, according to a redacted version of Amazon’s lawsuit. The IBM proposal came in at $94 million and was graded high risk by the CIA, the lawsuit states.

In the suit, Amazon describes IBM as a “late entrant to the cloud computing market” and calls its price advantage “a mirage.”

Computer clouds can generally store larger amounts of information more cheaply than traditional data centers and are better at giving customers remote access to those data and programs.

Amazon has become one of the largest cloud providers for the federal government, mostly focused on non-sensitive data such as website content. Its customers include the Treasury, Energy and State departments. IBM has a longer history securing sensitive government information, including for the U.S. military.

The proposed CIA cloud would be available to the entire intelligence community. National Security Agency Director Keith Alexander told an audience in 2011 that cloud computing cloud save the NSA 30 percent or more of its IT budget. NSA is one of the government’s largest gatherers of digital intelligence, including through a number of controversial programs exposed by former contractor Edward Snowden. 

Join us at Nextgov Prime Oct. 15-16 in Washington for indepth discussions about cloud computing, data security and much more. Registration is free for federal employees.