The Dangers of Apps

Mary DeRosa by Mary DeRosa, The Chertoff Group
Monday, April 28, 2014

The explosion of smartphones and their apps has improved lives in many ways: greater convenience, more information, and far less boredom, to name a few. But the dangers of apps are beginning to get more attention. Apps access massive amounts of personal data, but they lag far behind other technologies when it comes to protection of privacy and data security.

What is the Cost of a Snowden?

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Wednesday, March 26, 2014

In 2012, the American cybersecurity company, Mandiant (now owned by FireEye) released a report tracking an extensive, comprehensive cybersecurity threat from China. It gave the Chinese program the name “APT-1,” where APT stands for Advanced Persistent Threat. APT was as accurate a characterization as one could imagine – the techniques used by the Chinese where highly sophisticated and advanced, and they were determined and continuous.

U.S. Cloud Services Companies Are Paying Dearly for NSA Leaks

Mary DeRosa by Mary DeRosa, The Chertoff Group
Monday, March 24, 2014

Edward Snowden’s leaks about National Security Agency surveillance practices have had a profound effect on the U.S. cloud computing industry. Experts disagree on the long-term harm to U.S. companies, but recent projections are for $22 billion or more in lost revenue over the next three years. The harm comes largely from backlash over the perceived complicity of U.S. technology companies with NSA operations. That U.S. companies will suffer harm this significant as a result of U.S. government activities raises important questions about U.S. decision-making. In particular, have economic issues, including the competitiveness of U.S. industry and the health of the Internet economy received enough attention in decisions about surveillance? The answer appears to be no.

Cyber Security: Finding the Balance

Scott Andersen by Scott Andersen, CGI
Monday, March 17, 2014

Cyber Security is a tough situation. You have to protect your digital assets. It isn’t in your organization’s best interest to leave things open and at risk. On the other hand, your end users are pushing for more and more capabilities and access to more and more resources from more and more locations.

12 ways to better merge cloud services with ongoing cyber initiatives

Jason Miller, Federal News Radio,  Thursday, January 23, 2014

In the rush to the cloud over the last three years, most agencies have tempered their desires and excitement because of security concerns. Agency chief information officers have struggled to satisfactorily answer a number of questions regarding data ownership and protection, and how do the existing cross-agency cyber initiatives fit into the cloud structure.

Industry group advocates linking cloud, cybersecurity planning

Rutrell Yasin, Government Computer News,  Wednesday, January 22, 2014

An IT industry group led by former Office of Management and Budget e-government administrator Karen Evans says it’s time for the federal government to interconnect the three major IT initiatives it has been driving along largely separate tracks for the last decade: cloud, cybersecurity and mobile computing.

Herding the stray cats of federal IT ambitions

Amber Corrin, Federal Computer Week,  Wednesday, January 22, 2014

Most government agencies are embracing the benefits of cloud computing, a mobile workforce and cybersecurity measures to protect critical networks and assets. But in many cases it has been a struggle just to get to that point, and hurdles remain as different approaches present a fragmented federal IT security picture. Commissioned White Paper Proposes Framework for Improving Federal Cloud Networks and Procurement Processes

Julie AndersonKaren Evans by Julie Anderson, Civitas Group
Karen Evans, KE&T Partners
Thursday, January 16, 2014 today released its latest report titled “Staying Safe in Cyberspace: Cloud Security on the Horizon” at the MeriTalk 2014 Cloud Computing Brainstorm held at the Newseum in Washington, D.C. The report proposes an integrated approach to cloud implementation to help agencies realize the benefits of cloud technologies while meeting current Federal cybersecurity requirements. Until now, efforts to implement cybersecurity and cloud computing initiatives have been fragmented and lack overarching coordination. This report works to address this gap in a series of recommendations intended to mitigate risk while harnessing the vast rewards provided by cloud technologies.

The NIST Cybersecurity Framework and Incentives

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Friday, November 01, 2013

Within the next year the Federal government will adopt a broad Framework of recommended cybersecurity programs that private sector actors and cloud service providers will be asked to voluntarily adopt. Underlying that Framework is an “incentive” structure that, for all practical purposes, may convert these voluntary standards into de facto mandatory industry requirements.

Cloud Broker Will Replace DMZ in the Long Term

Scott Andersen by Scott Andersen, CGI
Wednesday, August 14, 2013

Demilitarized Zones (DMZ) have long been used to describe an area where no military equipment or personnel is allowed to help prevent conflict between two nations. This is the case on the 38th parallel that separates North and South Korea. Computer network designers took this same concept and developed a computing solution that creates a safe zone between an organization’s computer network and the public Internet.