Policy & Procurement
Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.
Amber Corrin, FCW, Thursday, May 16, 2013
It's hard to measure the impact of something that never happened. But that is exactly what federal agencies and private companies must do in risk management, and in determining the return on investment in IT security.
Kevin Kwang, ZDNet, Tuesday, May 07, 2013
Destinations such as Singapore, Malaysia or Hong Kong need to seize the opportunity of being deemed an acceptable data transfer partner with the European Union in order to get ahead of the competition.
Tuesday, April 30, 2013
This video produced by EletsTV was filmed at a "Cloud Computing and Government" symposium held in New Delhi, India on April 30th. This video features SafeGov's Jeff Gould speaking about the challenges of implementing cloud computing solutions for public sector customers in international markets.
Wednesday, April 03, 2013
Monday, April 01, 2013
Current US law and government IT policy take a limited a view of the potential conflicts between existing government information privacy and security standards and actual vendor data collection practices. As a result, procurement requirements lack appropriate risk-management and enforcement mechanisms. Given the proliferation of data collection practices in Internet services companies, government IT leaders should more directly define the parameters of government data ownership in government IT policy and procurement guidance. Government should also better educate employees and govern the use of Internet-based services on government-owned systems.
Wednesday, March 27, 2013
In federal information technology circles, it's become a truism that agencies spend way too much time and effort doing paperwork in pursuit of cybersecurity and not nearly enough on constantly keeping watch over systems and implementing best practices in real-time to make sure those systems are actually better secured than they were the day before. A new report offers a roadmap that purports to offer ways to implement measures that measure cybersecurity outcomes rather than just processes, while recognizing that no two agencies have the exact same risk profile.
Ryan McDermott, FierceGovernmentIT, Wednesday, March 27, 2013
Agencies must establish a unique baseline threat assessment and automate monitoring to ensure good cybersecurity, says a SafeGov report (.pdf) released Tuesday.
Amber Corrin, Federal Computer Week, Wednesday, March 27, 2013
White House efforts to better protect the networks of government agencies and critical infrastructure operators have been described as a down payment on federal cybersecurity, but with fast-moving threats and continued intrusions, officials are looking for ways to get more secure more quickly.
Nicole Blake Johnson, Federal Times, Wednesday, March 27, 2013
A group of former federal information technology executives are calling on the administration to change the way it assesses the cybersecurity of federal networks.
Wednesday, January 16, 2013
If 2012 was the year for finalizing FedRAMP as a streamlined security program for government cloud computing, 2013 may be the year where the work pays off and vendors start announcing certified FedRAMP cloud computing solutions. But even as vendors get their solutions FedRAMP certified, does FedRAMP really address all the potential concerns an agency might have for implementing a robust cloud computing solution?