CIA's AWS Decision Shows It May Not Have Learned From NSA.
Let's take a look Edward Snowden and the National Security Agency. As we know now, Snowden's permissions exceeded his clearance, he leaked a ton of information that the Obama administration wishes had been kept secret, and no one connected to the NSA is safe from the federal government's witch hunt.
By all reports, Snowden isn't stupid or nuts, and he passed his background checks. He simply should never have seen the information he had access to, but he didn't like what he saw and decided to blow the whistle. In the months since, the NSA has significantly changed its vetting procedures to assure this doesn't happen again.
You might assume that any branch of government that didn't provide the same protections would have its CIO flogged on site. Yet the CIA recently agreed to use Amazon Web Services. Even using an entity that would remotely host any service from an any intelligence agency, given the Snowden and Manning incidents, might be seen as suicidal for whoever agreed to do it internally and for the firm that agreed to make it happen.
There's a difference between companies that deal regularly with the federal government and those that don't. The ones that do know that critical rules change and naturally factor those changes into protect the client and themselves. New companies think that isn't part of their job and don't realize that, when the crap hits the fan, even if it isn't your fault, you're still going to get covered in crap.
Healthcare.gov Shows Danger of Going With Lowest Bid
We saw this play out with Healthcare.gov, the Affordable Health Care Act website. By all reports it was underfunded and rushed, while the contractor, CGI, had previously been fired by the Canadian government. But it was the lowest bidder.
CGI is supposed to be an experienced federal contractor, and even it couldn't execute Healthcare.gov properly. CGI really wasn't at fault this project was mismanaged from the start but the vendor is being tossed under the bus, frequently and with relish, because it didn't protect the folks that decided to use it.
IBM does hundreds of government contracts and how often is the company caught like this? Now how often is AWS in the news for outages that take out partners?It isn't that IBM doesn't break. It's just better at making sure that, when bad things happen, there are contingency plans to keep the folks who bet their jobs on IBM in those jobs.
Had IBM run Healthcare.gov, it would have assured a successful result, even if it cost margin, because IBM knows that a failure would hurt its brand and its advocate. That's why agencies are willing to pay a little more for IBM; the company assures that its customers' decision-makers are protected. Go to any IBM customer event and you'll see CIOs on stage singing IBM's praises. It's not about the technology; it's about IBM covering the CIO's collective backsides.
Perception Rules, Even If Reality Suggests Otherwise
Folks often forget that IBM was late to the ecommerce market but managed to own that segment two years before it had a viable product. It's like Apple taking control of the smartphone market six months before it had a working product. Both firms understood that perception and reality are two very different things.
Right now, for example, IBM is working both inside and outside the federal government to make their case for why AWS shouldn't have won the CIA's business. (Were the roles reversed, IBM would be protecting the folks at the CIA who chose its technology; AWS, not so much).
