The Washington PostDemocracy Dies in Darkness

Amazon launches new cloud storage service for U.S. spy agencies

An office building occupied by cloud computing provider Amazon Web Services in Herndon, Va. (Kristoffer Tripplaar/Sipa USA)

Amazon’s cloud storage unit announced Monday that it is releasing a new service called the Amazon Web Services Secret Region, a cloud storage service designed to handle classified information for U.S. spy agencies.

The service will be provided to the intelligence community through an existing $600 million contract with U.S. intelligence agencies, which has made Amazon a dominant player in federal IT contracting.

“The U.S. Intelligence Community can now execute their missions with a common set of tools, a constant flow of the latest technology and the flexibility to rapidly scale with the mission,” Amazon Web Services vice president Teresa Carlson said. (Amazon chief executive Jeffrey Bezos owns The Washington Post.)

In a statement posted by Amazon Web Services, CIA chief information officer John Edwards referred to the new service as “a key component of the intel community’s multi-fabric cloud strategy.”

With this service, Amazon says, it is the “only commercial cloud provider to offer regions to serve government workloads across the full range of data classifications, including unclassified, sensitive, secret and top secret.”

The announcement comes at a time when Amazon’s business and government customers are under intense scrutiny over whether they are storing data securely in the cloud. Amazon’s cloud-based folders – referred to as “buckets” – have been at the center of several high-profile security incidents in recent months, in which customers inadvertently left sensitive information on an Amazon server in an unprotected format.

In late May a cybersecurity researcher found that a Booz Allen Hamilton contractor working at the National Geospatial-Intelligence Agency had left sensitive government information online in an AWS bucket without password protection. Booz Allen Hamilton said at the time that one of its own employees was at fault for making the information public.

A month later the same researcher found a similar exposure at a contractor employed by the Republican National Committee had left millions of voters’ personal information freely available online, also in an Amazon cloud bucket. A third incident involving the Defense Department was reported by CNN on Friday.

Chris Vickery, whose company Upguard was responsible for all three findings, said the responsibility for protecting cloud-based data falls primarily to the companies using Amazon Web Services for cloud services, and not to Amazon. Still, he said he thought Amazon Web Services could do more to build stronger security into its cloud services.