Best Practices

Properly planned and well-executed, cloud migration can result in significant savings, increased efficiency and performance, and even enhanced privacy and security. This section of the SafeGov.org site includes case studies of cloud deployments with the goal of articulating best practices and potential pitfalls by focusing on the risk management, strategic planning, and resource management issues that define a successful cloud transition.

NIST Releases Cloud Computing Roadmap

Christine Kern, Business Solutions,  Friday, November 21, 2014

The National Institute of Standards and Technology (NIST) has published the final version of the US Government Cloud Computing Technology Roadmap, Volumes I and II. Reflecting the input of more than 200 comments on the initial draft, this report leverages the available strengths and resources and highlights the strategic and tactical objectives necessary to support accelerated cloud computing adoption by federal agencies, according to a press release.

The Broker Road Less Traveled

Scott Andersen by Scott Andersen, CGI
Tuesday, November 18, 2014

I’ve been thinking and writing about the cloud market now for more than five years. In that time I have seen a number of solutions come and go. What I haven’t seen yet is the small agile solution that in the end forces the larger players to change not only their approach but in the end also what and how they deliver services. So I am stuck with that question what might that change be? Recently I started realizing that in the end the change that would modify the CSP’s quickly and in the end change the market forever is the solution known as a cloud broker.

5 ways to minimize risk in the cloud

Marty Heinrich, Federal Times,  Tuesday, November 18, 2014

Chief concerns over cloud storage include vulnerability to hacking and theft, privacy and ownership of information that resides outside of agency firewalls, lack of portability standards, weak records management capability, and insufficient due diligence before migration. The following are recommendations for creating policies to minimize risk surrounding the management of information stored in cloud environments ...

What Every Business Owner Needs to Know About Data Sovereignty

Ajay Patel, SmartData Collective,  Monday, November 17, 2014

Sovereignty isn’t usually the first word that comes to mind when thinking about data. With all the recent data fiascos, privacy is what’s at the forefront of most consumers’ minds. But data sovereignty relates to data privacy, and businesses need to understand this concept when choosing where they store their digital information. Unfortunately, the laws and regulations protecting digital information can be extremely complex. They are dependent on different governments and jurisdictions, and data stored in certain countries may or may not be subject to subpoena by another country’s government (or even the host country’s government).

DoD Changes Cloud Computing Policy

Henry Kenyon, InformationWeek Government,  Monday, November 17, 2014

The Department of Defense is getting ready to deploy a new cloud computing policy that allows the armed services more say in selecting service providers. Besides allowing commercial vendors to support DoD operations, the move also allows the military to be more efficient in adopting mobile devices and other related technologies, said the department's acting chief information officer.

NIST marks top security requirements for government cloud

William Jackson, GCN,  Friday, November 14, 2014

“Security controls need to be reexamined in the context of cloud architecture, scale, reliance on networking, outsourcing and shared resources,” the authors write. “For example, multi-tenancy is an inherent cloud characteristic that intuitively raises concern that one consumer may impact the operations or access data of other tenants running on the same cloud.” NIST says recommended priority action plans for cloud security are: •Continue to identify cloud consumer priority security requirements, on at least a quarterly basis. •Periodically identify and assess the extent to which risk can be mitigated through existing and emerging security controls and guidance. Identify gaps and modify existing controls and monitoring capabilities. •Develop neutral cloud security profiles, technical security attributes and test criteria. •Define an international standards-based conformity assessment system approach.

How enterprises will use the cloud for big data analytics

Lynn Langit, Gigaom,  Monday, November 10, 2014

Enterprise IT infrastructure largely predates the emergence of cloud computing as a viable choice for hosting data-driven applications. Large organizations are now showing real signs of adopting cloud computing for certain applications and a few forward-thinking enterprises are formulating the concept of data as a service, based on performing big-data analytics in the cloud. However, exactly when big-data analytics will move to the cloud remains an open question.

DISA in Compliance with Cloud Security Standards

Bob Brewin, Nextgov,  Tuesday, November 04, 2014

Mark S. Orndorff, the mission assurance executive for the Defense Information Systems Agency, said three commercial cloud services are currently available to DOD users: Autonomic Resources, CGI Federal and Amazon Web Services. Assessments of FedRAMP-compliant offerings from providers such as Hewlett-Packard, Lockheed Martin, AT&T, Akamai, Microsoft, Oracle and a cloud solution offered by the Agriculture Department are underway, he said.

Look at what Google and Amazon are doing with databases: That's your future

Toby Wolpe, ZDNet,  Monday, November 03, 2014

With their thousands of software engineers, huge resources and myriad databases, the Googles, Amazons and Facebooks may seem to inhabit an alternative IT universe. But what the big web services firms are doing today with data volumes and data types will soon be the common experience for many businesses, according to Neo Technology CEO Emil Eifrem. "If you're interested in seeing the future of how data-oriented architectures are likely to evolve, the future is already here — just unevenly distributed," Eifrem said.

Do You Know What Apps Your Employees Use?

Deborah Gage, Wall Street Journal,  Monday, October 27, 2014

Unauthorized cloud-based software is proliferating in the workplace, causing regulatory and security challenges for companies that often don’t even know their employees are using it. Some of the services are well known, such as Dropbox, for file sharing, and the multipurpose social-media site Facebook . But at some companies, employees are tapping hundreds of cloud-based apps to perform functions ranging from Web conferencing to conducting surveys to sharing photos.