Jason Miller, Federal News Radio, Thursday, January 23, 2014
In the rush to the cloud over the last three years, most agencies have tempered their desires and excitement because of security concerns. Agency chief information officers have struggled to satisfactorily answer a number of questions regarding data ownership and protection, and how do the existing cross-agency cyber initiatives fit into the cloud structure.
Rutrell Yasin, Government Computer News, Wednesday, January 22, 2014
An IT industry group led by former Office of Management and Budget e-government administrator Karen Evans says it’s time for the federal government to interconnect the three major IT initiatives it has been driving along largely separate tracks for the last decade: cloud, cybersecurity and mobile computing.
Amber Corrin, Federal Computer Week, Wednesday, January 22, 2014
Most government agencies are embracing the benefits of cloud computing, a mobile workforce and cybersecurity measures to protect critical networks and assets. But in many cases it has been a struggle just to get to that point, and hurdles remain as different approaches present a fragmented federal IT security picture.
SafeGov.org Commissioned White Paper Proposes Framework for Improving Federal Cloud Networks and Procurement Processes
SafeGov.org today released its latest report titled “Staying Safe in Cyberspace: Cloud Security on the Horizon” at the MeriTalk 2014 Cloud Computing Brainstorm held at the Newseum in Washington, D.C. The report proposes an integrated approach to cloud implementation to help agencies realize the benefits of cloud technologies while meeting current Federal cybersecurity requirements. Until now, efforts to implement cybersecurity and cloud computing initiatives have been fragmented and lack overarching coordination. This report works to address this gap in a series of recommendations intended to mitigate risk while harnessing the vast rewards provided by cloud technologies.
The Chertoff Group
Friday, November 01, 2013
Within the next year the Federal government will adopt a broad Framework of recommended cybersecurity programs that private sector actors and cloud service providers will be asked to voluntarily adopt. Underlying that Framework is an “incentive” structure that, for all practical purposes, may convert these voluntary standards into de facto mandatory industry requirements.
Wednesday, August 14, 2013
Demilitarized Zones (DMZ) have long been used to describe an area where no military equipment or personnel is allowed to help prevent conflict between two nations. This is the case on the 38th parallel that separates North and South Korea. Computer network designers took this same concept and developed a computing solution that creates a safe zone between an organization’s computer network and the public Internet.
Friday, July 26, 2013
A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud (June 2013) (sponsored by WatchDox), reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including finance, retail, technology, communications, education, healthcare, and public sector, among others. The results are quite startling.
The Chertoff Group
Wednesday, July 10, 2013
In February 2013, President Obama issued an Executive Order intended to strengthen cybersecurity in America. The order was, and remains, controversial for a number of reasons. But, perhaps the most remarkable thing about the order is that cloud service providers – like Google, Amazon and Microsoft – are all exempt from most of the provisions of the order. In some ways, this is a bit like devising a set of rules for the safety of automobiles, but excluding the engine block from the regulation. This decision is odd, at best, and quite possibly a source of cyber insecurity.
Wednesday, May 29, 2013
When global information and analytics provider IHS Inc. lost several terabytes of information regarding U.S. chemical, biological, radiological and nuclear materials to an Iranian hacking group this past February, the company had no way of quickly and securely communicating the incident to the appropriate government agencies. This inability of companies to easily share cyber threat information with the government and other businesses is a key barrier to protecting our nation against ever-increasing internet-based attacks.
The American public is waking up to a reality that many in government have known for some time — the threat of cyber espionage and intrusions, particularly from China. For years, many have identified significant efforts being mounted by Chinese actors to exploit vulnerability in cyber systems developed and deployed in America and the West. But only recently have those efforts emerged publicly.