Policy & Procurement

Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.

State CIOs will focus on security and cloud in 2016

Kenneth Corbin, CIO,  Wednesday, November 25, 2015

Microsoft announces unified Trust Center for enterprise cloud services

Kellogg Brengel, WinBeta,  Tuesday, November 24, 2015

As of today Microsoft is consolidating and solidifying the messaging of their enterprise cloud services’ privacy, security, and compliance statements. The new Unified Trust Center for the Microsoft Cloud encompasses the privacy and security policies for Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365. From the new Unified Trust Center, enterprise customers can clearly see in one location how Microsoft protects your organization’s data, Microsoft’s commitment to your privacy, what regulations their cloud services are compliant with, and gain more insight on the company’s approach to transparency.

Industry should steal FedRAMP cloud security baselines

Aaron Boyd, Federal Times,  Friday, November 20, 2015

The federal government is doing a good job establishing cybersecurity requirements for cloud providers and industry looking to do the same should look no further, according to John Pescatore, director of emerging security trends at the SANS Institute. Agencies are under mandate to consider cloud services ahead of other options but not at the expense of security. To ensure agencies are procuring secure services, the General Services Administration set up the Federal Risk and Authorization Management Program (FedRAMP), which has created a set of baseline security requirements that all cloud service providers must meet before hosting federal systems.

The US government wants in on the public cloud, but needs more transparency

Blair Hanley Frank, CIO,  Thursday, November 19, 2015

The U.S. federal government is trying to move more into the cloud, but service providers' lack of transparency is harming adoption, according to Arlette Hart, the FBI's chief information security officer. "There's a big piece of cloud that's the 'trust me' model of cloud computing," she said during an on-stage interview at the Structure conference in San Francisco Wednesday. That's a tough sell for organizations like the federal government that have to worry about protecting important data. While Hart said that the federal government wants to get at the "enormous value" in public cloud infrastructure, its interest in moving to public cloud infrastructure is also tied to a need for greater security.

California’s Cyber Security Policy Is Now the Strongest in the U.S.

Alex Espenson, Tech.co,  Thursday, November 19, 2015

The law, signed by Governor Jerry Brown, is called the California Electronic Communications Privacy Act (CalECPA). (This is not to be confused with the similarly named federal law of 1986.) The CalECPA bars any California state law enforcement agency or other investigative body from forcing a business or individual to unwillingly submit any metadata or digital communications – including text messages and chat, email, cloud-stored documents, or any manner of discovering devices on a network – without first obtaining a warrant.

The Strange Geopolitics of the International Cloud

Ingrid Burrington, The Atlantic,  Tuesday, November 17, 2015

The things that shape data-center geography outside the U.S. aren't all that different from things that shape data-center geography in the U.S. In general, large companies building cloud infrastructure seek access to land, and appealing climates—environmental, financial, and political. Places with high concentrations of Internet exchanges, network infrastructure, U.S.-friendly governments, existing tech sectors, or highly educated populations (Frankfurt, Amsterdam, Hong Kong, Singapore) become logical locations for data centers.

State Government CIOs, Breaking from Private Sector Peers, See Security as Top Priority

Angus Loten, Wall Street Journal,  Friday, November 13, 2015

Security and risk management was cited as the top IT priority by state government CIOs, followed by cloud services and systems consolidation, according to a survey by the National Association of State Chief Information Officers. Among security concerns, state CIOs listed governance, security frameworks, insider threats and data protection, the Lexington, Ky., trade group reported this week.

Interview: Microsoft Azure evolves, in bid to challenge Amazon in the cloud

Todd Bishop, GeekWire,  Friday, November 13, 2015

GeekWire spoke this week with one of the key players in the cloud industry, Jason Zander, the longtime Microsoft executive who runs the Azure engineering team. We talked about the evolution of Azure, its rivalry with Amazon Web Services, Microsoft’s new cloud partnerships with some of its longtime archrivals, and where the Redmond company is trying to take its cloud platform next.

Mr. FedRAMP: Understand your data before you move to cloud

Greg Otto, FedScoop,  Wednesday, November 11, 2015

One of the biggest challenges for federal agencies looking to move to the cloud is figuring out what types of data they have and where that data can reside, the head of FedRAMP said Tuesday. At the Red Hat Government Symposium, FedRAMP Director Matt Goodrich said even as agencies are mixing in cloud instances with their legacy systems, they are struggling with what data they have and where it's appropriate to put that data.

Microsoft Offers Cloud Services From Data Centers in U.K.

Dina Bass and Kristen Schweizer, Bloomberg Business,  Tuesday, November 10, 2015

Microsoft Corp., which has been battling the U.S. government over the privacy of customer information stored overseas, said it will offer cloud services from data centers based in the U.K. Microsoft will sell Azure computing power and Office 365 Internet-based apps from the U.K. starting in 2016, Chief Executive Officer Satya Nadella said at an event in London Tuesday. He also said the software maker has finished its latest phase of expansion for data centers in Ireland and the Netherlands, which serve as hubs for European customers.