Security

Not All Clouds Will Be Equal

Maryann Lawlor, SIGNALScape,  Wednesday, February 29, 2012

While the general perception is that a cloud is a cloud, that won’t be the case for government agencies. Experts revealed more specifics about federal, state and local migration to cloud computing during the first panel at AFCEA International’s Homeland Security Conference. Eventually a governmentwide cloud for all services and data may be created, but today, while some services can move to the cloud environment, others will require customized clouds. For example, email services are a good candidate for the cloud, but those agencies that require extra security are likely to create private clouds for data storage and exchange. The latter not only applies to the usual suspects of national security agencies but also to local and regional law enforcement agencies that need to restrict access and protect information during ongoing investigations

Survey: Cost savings key driver for government cloud adoption

Camille Tuutti, Federal Computer Week,  Wednesday, February 29, 2012

The public sector is inching closer to a more widespread adoption of cloud computing, with cost savings cited as the greatest driver for state, local and federal governments, and governments around the world. A new survey from auditing firm KPMG shows that more than 40 percent of government respondents globally say they are already testing or implementing cloud solutions, and nearly 30 percent are working on a cloud strategy.

Plan ahead for cloud computing breaches in cloud contracts, experts say

Marcia Savage, SearchCloudSecurity.com,  Wednesday, February 29, 2012

What do you do if your cloud provider is breached? Well, hopefully you’ve already planned for it ahead of time in your cloud contract. At the RSA Conference 2012 on Tuesday, a session offered advice to cloud users on how to plan for cloud computing breaches in their cloud computing contracts. Contracts “are an important initial line of defense in dealing with breaches in the cloud,” said James Shreve, an attorney in the Washington, D.C. office of BuckleySandler LLP.

NIST Updating Catalog of Controls

Eric Chabrow, GovInfoSecurity.com,  Wednesday, February 29, 2012

More than a year in the making, the National Institute of Standards and Technology issued Feb. 28 an initial public draft updating one of its premier special publications, SP 800-53: Security and Privacy Controls for the Federal Information Systems and organizations, which incorporates expanded privacy controls and addresses new threats that were unheard of when NIST issued revision 3 in 2009.

From the Experts: Cloud Computing's Hidden Export Regulation Risks

Chad Breckinridge, Law.com Corporate Counsel,  Monday, February 27, 2012

Thousands of Americans export data overseas every day without U.S. government authorizations and don’t even know it. How? By using cloud-computing services, ranging from personal services like Gmail to large-scale enterprise data storage solutions. While cloud-based services have become a valuable tool for improving efficiency, outdated government regulation leaves cloud users exposed.

DARPA, MIT Research A Self-Healing Cloud

Elizabeth Montalbano, InformationWeek,  Monday, February 27, 2012

The Department of Defense (DoD) is funding research to create a cloud computing environment that can heal itself after a cyber attack. Researchers at the Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory (CSAIL) are working on a new system that would help a cloud identify an attack and recover from it almost instantaneously, according to MIT.

RSA Conference 2012: Former NSA director says secure clouds can't come fast enough

George V. Hulme, Computerworld,  Monday, February 27, 2012

At the third annual Cloud Security Alliance (CSA) summit today, Michael McConnell, former director of the National Security Agency, urged the audience of 1,200 security experts to do what they can to help build trusted cloud computing systems."I've a message. Drive this technology, and drive the standards to force change. The economics of the cloud are so compelling they can't be denied. We have to get the security aspects right," McConnell said.

SafeGov.org Experts Question Whether Google Can Adequately Protect Government Information in the Cloud

Karen EvansRichard A. FalkenrathJeff Gould by Karen Evans, KE&T Partners
Richard A. Falkenrath, Chertoff Group
Jeff Gould, SafeGov.org
Thursday, February 23, 2012

The safety and privacy of the information that government agencies entrust to cloud computing services is of paramount concern to experts at SafeGov.org. Recent incidents suggest that Google does not exercise adequate control over certain aspects of its technology which may compromise the security of government information in Google cloud services. SafeGov.org experts Karen Evans, Richard Falkenrath, Jeff Gould and Douglas Miller call upon Google to take proactive steps to reassure government customers that its services will fully protect their information.

Mobile, cloud-based security top concerns for government healthcare organizations

Sara Jackson, FierceHealthIT,  Wednesday, February 22, 2012

At first glance, the new Booz Allen Hamilton survey of government health IT security readiness is pretty positive. A full 56 percent of respondents--IT directors and program managers with the U.S. Department of Health & Human Services, the Department of Veterans Affairs and other state and local governments entities--say they're fully compliant with federal security and privacy requirements. Another 65 percent say they have a risk management strategy and action plan for data breaches. And 60 percent say they have a "holistic" security strategy for responding to potential incidents.

What Makes Cloud Security So Hard?

Melvin Greer by Melvin Greer, Lockheed Martin
Tuesday, February 21, 2012

Many organizations still have uncertainties regarding the implementation of cloud technology for their enterprise, with security being a key concern. In order to allay their overall apprehension first requires an understanding of what makes dealing with security in a cloud different from conventional IT enterprises. This knowledge will help an organization to mitigate the security risks through the establishment of the proper controls, technologies and procedures.