CloudFlare’s New Keyless SSL Could Unlock Cloud For Financial Institutions

Ron Miller, TechCrunch,  Thursday, September 18, 2014

Financial institutions crave cloud scalability, but have been reluctant to jump on the cloud bandwagon because of security concerns. In particular, they have been hesitant to expose their precious SSL keys to the open internet. The key identifies them as a financial institution and lets the other party know they can accept or send funds. As you can imagine, they don’t ever want this information escaping their control. CloudFlare, a company that is trying to move all of the traditional networking hardware you typically have in an on-premises data center into the cloud, figured out how to let financial institutions have have it both ways.

Does the Government’s Mobility Program Go Far Enough to Protect Security and Privacy?

Julie Anderson by Julie Anderson, Civitas Group
Wednesday, September 17, 2014

From checking email to editing presentations on the fly, more federal employees are using mobile devices as part of their job. But technology policymakers at federal agencies, by and large, are still playing catch-up. But it hasn’t proven to be the last word on either protecting government-owned or private employee data. Among the lingering questions remaining to be answered: How can the government secure itself against the proliferation of devices and apps? And how will federal employees’ personal information stored on such platforms be protected?

Agencies Demand FedRAMP-Approved Cloud Services

Nicole Blake Johnson, FedTech,  Wednesday, September 17, 2014

The Federal Risk and Authorization Management Program has redefined how commercial cloud vendors do business with the government. In many ways, the program has set clear expectations for both agencies and companies by creating a common language and standards for securing cloud-based products and services. Federal cloud computing has grown into a $3 billion market since the pre-FedRAMP era, when agencies didn’t have a mechanism for certifying if vendors could meet security requirements. Agencies have come a long way since then, and it shows in their solicitations for cloud services. Requests for FedRAMP-approved cloud services have become common.

3 elements for success for the FISMA High cloud

Nick Evans, GCN,  Wednesday, September 17, 2014

As federal agencies continue to consider public or commercial cloud services as a way to cut costs and improve IT service delivery, security concerns remain a major deterrent, especially when it comes to migrating mission-critical workloads. Recent industry studies show that a majority of organizations (51 percent) still consider their effectiveness in securing data and applications in the cloud to be “low,” with only 26 percent rating their effectiveness as “high.” To address these concerns, agencies must ensure cloud services meet the requirements of the Federal Information Security Management Act of 2002,better known as FISMA.

Fundamentals of cloud security

Ram Lakshminarayanan, ZDNet,  Tuesday, September 16, 2014

Organisational pressure to reduce costs and optimise operations has led many enterprises to investigate cloud computing as a viable alternative to create dynamic, rapidly provisioned resources powering application and storage platforms. Despite potential savings in infrastructure costs and improved business flexibility, security is still the greatest barrier to implementing cloud initiatives for many companies. Information security professionals need to review a staggering array of security considerations when evaluating the risks of cloud computing.

Culture Remains A Significant Barrier To Technology Adoption In Government

Bailey McCann, CivSource,  Tuesday, September 16, 2014

If your agency or department has an organizational culture that looks warily on change or adopting new technology, it is more likely that you’ll lag behind your peers, according to a new report from the Harvard Business Review and Verizon. The report entitled, “The Digital Dividend: First Mover Advantage” details how technology adoption is changing the business of government.

Vendor Outreach Key to Unlocking Federal Cloud Market

Kenneth Corbin, CIO,  Tuesday, September 16, 2014

Federal IT executives urge cloud service providers to offer agencies a glimpse of their roadmaps to help guide procurement strategies, which is often a byzantine process hampered by perpetual government tech talent shortages.

Federal CIOs Must Reframe Security Around Data, Access

Kenneth Corbin, CIO,  Monday, September 15, 2014

In an era of cloud computing, increasing mobility and federal agencies outsourcing more functions to IT contractors, the traditional lines delineating a network perimeter have blurred beyond recognition, experts warn. "I think best practices have to completely shift," Gus Hunt, operating partner at the private equity firm LLR Partners and the former CTO at the CIA, said this week at a government IT conference.

Majority of mobile apps will fail basic security tests in the future: Gartner

Charlie Osborne, ZDNet,  Monday, September 15, 2014

Gartner claims that through next year, 75 percent of mobile apps will fail the most basic of security tests. The research firm says that in 2015, the majority of mobile applications -- whether in the Android, iOS or Windows Phone ecosystems -- will not have basic business-acceptable security protocols in place. This poses a serious problem for the enterprise, where bring-your-own-device (BYOD) schemes are commonplace.

Apple takes 'very different view' on customer privacy, Cook says

Steven Musil, CNET,  Monday, September 15, 2014

"Our business is not based on having information about you. You're not our product," Cook said. "Our products are these, and this watch, and Macs and so forth. And so we run a very different company. I think everyone has to ask, how do companies make their money? Follow the money. And if they're making money mainly by collecting gobs of personal data, I think you have a right to be worried. And you should really understand what's happening to that data, and the companies -- I think -- should be very transparent."