SIGforum
JEDI Contract Controversy

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/8620037544

August 13, 2018, 05:48 PM
matai
JEDI Contract Controversy
I think this is really dumb, AWS is the obvious choice. Is all the controversy made by the losers?

https://www.vanityfair.com/new...ful-in-dc-than-trump

I have a strong personal interest in this. How does all this look to you?
August 13, 2018, 05:55 PM
Expert308
I'd be more concerned about the wisdom (or lack thereof) of putting all the DOD's data in the cloud, than about who gets the contract.
August 13, 2018, 10:08 PM
SigJacket
It’s not the same cloud. It’s a wholly separate installation.

https://aws.amazon.com/govcloud-us/

It’s still a private entity, though it would have 10 billion reasons to keep it tight.


--
I always prefer reality when I can figure out what it is.

JALLEN 10/18/18
https://sigforum.com/eve/forum...610094844#7610094844
August 13, 2018, 10:14 PM
Fenris
One stop shopping for Beijing. What's not to like?

Have these idjits completely forgotten the lessons of compartmentalization and segmentation?

Boggled I am.




God Bless and Protect our Beloved President, Donald John Trump.
August 14, 2018, 08:07 AM
cyanide357
As mentioned by Expert308, these systems would be within the AWS GovCloud. And will likely be an isolated / private cloud (isolated further I mean) within AWS GovCloud. CIA already uses AWS for a similar system.

I'm sure there will be plenty of security and auditing. Assuming lots of Linux systems, then things would likely be protected by SELinux, cgroups (kernel isolation used with containers (or LXC/LXD)), and RBACs. Not to mention lots of IDS/IPS (and general DPI) to monitor the network traffic - which I expect would be encrypted itself.

I have no direct background with Gov Systems or standards - but I don't see it making much of a difference since the Pentagon (and gov in general) has been using private companies for their infrastructure aggressively since 2001. And given the OPM hack from 2015 (by China), it isn't like the non-cloud systems have the best track record anyway.
August 14, 2018, 10:46 AM
BBMW
The "Cloud" is a relative thing. And this could be a double-edged sword. Is it easier to protect and manage security for a single array of servers holding everything, than to do so for a myriad of separate systems scattered hither and yon, all with different groups managing them? The former standardizes security, lessening the chance that some individual system will have security that's not up to snuff. The flip side is, if hackers find a hole, they can get into the whole shootin' match. I would hope there'd be some level of internal partitioning to prevent this.

quote:
Originally posted by Expert308:
I'd be more concerned about the wisdom (or lack thereof) of putting all the DOD's data in the cloud, than about who gets the contract.