Virtual ‘Workplace’ Aims to Speed Fed Cloud
As the federal government struggles to make the transition to the cloud, lessons learned during the relatively smooth transfer executed by U.S. intelligence agencies are slowly being applied to sprawling bureaucracies like the Defense Department.
In an attempt to fix its hidebound procurement system, Pentagon leaders have over the last 18 months embraced practices perfected in Silicon Valley. Among those initiatives is the Defense Innovation Unit Experimental, or DIUx, which seeks to increase the U.S. military's access to commercial technologies.
Working in parallel with quasi-governmental institutions such as In-Q-Tel, the CIA's investment arm, the DoD agency is attempting to bring legacy systems like virtual desktop infrastructure (VDI) into the cloud era. In one example, DIUx is test-driving a secure cloud "workspace" intended to shift current VDI services running in government datacenters to commercial cloud platforms like Amazon Web Services (NASDAQ: AMZN) and Microsoft Azure (NASDAQ: MSFT).
The cloud workspace was developed by a Silicon Valley startup called Frame, whose leadership includes several former CIA veterans who helped U.S. spy agencies make the jump to the cloud. Frame announced last week that In-Q-Tel joined Microsoft Ventures and Bain Capital Ventures in a $16 million funding round.
VDI systems are widely used across DoD agencies with varying levels of success. With the number of computing-intensive workloads growing, Frame said its approach is designed to move some data-driven applications out of the datacenter and securely into the cloud.
In an interview, Frame executives said the startup has taken lessons learned in delivering enterprise IT and applied them to U.S. agencies struggling to shift to cloud computing. The goal is to push software services and a "security model all the way up the stack to the desktop," said Frame's Jason Holloway, who previously served as the chief technology officer for Commercial Cloud Services, the U.S. intelligence agency cloud.
Frame's technology is billed as allowing users to securely access distributed applications via a web browser running on mobile and other devices. "The ability to reduce security risks with zero-footprint virtual desktop clients, while simplifying management of desktop software, is attractive to our government partners," noted George Hoyem, managing partner for investments at In-Q-Tel.
Founded in 2012, Frame added support last year for the AWS GovCloud and Microsoft Azure Government platforms. AWS is the primary cloud provider for the CIA and other U.S. intelligence agencies. Holloway also helped develop technical specifications for a U.S. intelligence program designed to promote data sharing among spy agencies through the use of common standards and cloud storage.
The startup also stresses that its virtual workspace is designed to run Windows and Linux-based applications from any device. Cloud-based support also means complex applications like data visualizations can draw on unlimited computing power available from cloud vendors like AWS and Microsoft.
The ability to scale computing power is important for high-end workloads such as geospatial applications that tend to bog down on traditional VDI architectures. Those computing-intensive jobs could be accelerated by leveraging cloud-based graphics processors, for example, Frame's Holloway noted.
Industry analysts also note that cloud-native applications run faster and are easier to deploy than traditional VDI technology, which brings with it much administrative overhead.
In-Q-Tel and DoD agencies such as DIUx also are betting that distributed applications will run securely using a cloud-native approach. In the event of a cyber breach, Holloway noted, "The blast area is much smaller."
Enhanced security is a key requirement for agencies like the Pentagon, which handles a range of data spanning sensitive but unclassified to Top Secret intelligence. Any shift to the cloud or a hybrid approach would require partitioning data according to classification level.
David Reber, Frame's director of security and another CIA veteran, said Frame's platform includes cloud-native support for "gold," or master, images often used as a template for the operating system and applications on a virtual desktop. The startup's security approach publishes a new gold image with each new workload, representing a more "proactive" security feature than traditional software patches, the company said.
"A hacker only has to be right once. We have to be right every time," Reber stressed.
Hence, a cloud-based virtual desktop approach might also allow DoD users to run some unclassified workloads in isolated AWS or Microsoft cloud regions while retaining classified data in-house, Holloway explained.
Frame, based in San Mateo, Calif., has so far raised a total of $32 million in two funding rounds.