Security

IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.

The Twelve Clouds of Christmas

by Scott Andersen, CGI
Friday, December 19, 2014

On the first cloud of Christmas my CSP gave to me a direct network connection. On the second cloud of Christmas my CSP gave to me two databases and a direct network connection. On the third cloud of Christmas my CSP gave to me three directory connections, two databases and a direct network connection. On the fourth cloud of Christmas my CSP gave to me four shiny new SaaS offerings, three directory connections, two databases and a direct network connection.

How NASA launched its web infrastructure into the cloud

Jonathan Vanian, GigaOM, Friday, December 19, 2014

The space agency uses Amazon Web Services to provide the backbone for its new Drupal content management system, and has worked out an interesting way to pay for the cloud, explained Kadakia. NASA uses a contract vehicle called Solutions for Enterprise-Wide Procurement (SEWP) that functions like a drawdown account between NASA and Amazon. The contract vehicle takes into account that the cost of paying for cloud services can fluctuate based on needs and performance (a site might get a spike in traffic on one day and then have it drop the next day). Kadakia estimates that NASA could end up spending around $700,000 to $1 million for AWS for the year; the agency can put $1.5 million into the account that can cover any unforeseen costs, and any money not spent can be saved. “I think of it like my service card,” she said. “I can put 50 bucks in it. I may not use it all and I won’t lose that money.”

Doug Wolfe on Cloud Computing at the CIA

Robert Tilford, Ground Report, Friday, December 19, 2014

Doug Wolfe—a 30 year CIA veteran—has a tough job. As CIA’s Chief Information Officer (CIO), Wolfe is responsible for ushering the Agency into the 21st century with state-of-the-art computing technology while ensuring our systems are secure. As a pioneer of cloud computing at CIA, Wolfe spearheaded a new way of doing intelligence work that allows for increased collaboration across the 17 Intelligence Community (IC) agencies.

The Future of Privacy

Lee Rainie and Janna Anderson, Pew Research, Thursday, December 18, 2014

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online.”

Wanted: An International Rule of Law for Cloud Data

by Michael Chertoff, Chertoff Group
Thursday, December 18, 2014

If we don’t figure out a new way of resolving legal conflicts, the universal Web as we know it may soon be Balkanized. Global companies will be subject to competing and inconsistent legal demands—one country may require disclosure of information that another country prohibits from being disclosed. The inevitable result will be that consumers suffer diminished access to the network overall. Decisions companies make about the location of their servers and hardware will be driven by legal gamesmanship rather than by technological or infrastructure considerations. The current free-for-all of competing nations needs to be replaced with an agreed-upon international system for newly designed choice-of-law rules for data in the Internet cloud. Such rules determine which country’s law governs in a dispute, as when we try to decide whose law governs a contract for the sale of goods. We need to harmonize existing rules in a framework of law for the cyber age.

Should privacy regulation be more than just data protection?

Inga Kroener, The Guardian, Wednesday, December 17, 2014

To get to grips with the surveillance risks that emergent technologies carry, policymakers need to broaden their scope of what privacy is. Rather than solely focusing on data, impact assessments need to address the range of privacy issues that emerge when new technologies, products and services are developed – who might be affected by privacy or surveillance risks, and how they might be harmed.

Halvorsen formalizes new DOD cloud procurement policy

Sean Lyngaas, FCW, Wednesday, December 17, 2014

Acting Defense Department CIO Terry Halvorsen has issued a memo outlining the Pentagon’s new cloud procurement policy, formally allowing the military services and other DOD agencies to procure commercial cloud services rather than leaving that authority to the Defense Information Systems Agency.

Tips from NIST on Picking the Right Cloud Vendor

Joseph Goedert, Health Data Management, Wednesday, December 17, 2014

The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.

What the Future Holds for FedRAMP

Nicole Blake Johnson, FedTech, Wednesday, December 17, 2014

Big changes are ahead for the Federal Risk Authorization Management Program, better known as FedRAMP. A new two-year road map that will be released Wednesday details more than 40 initiatives aimed at accomplishing three overarching goals: increasing stakeholder engagement, including the number of agencies implementing FedRAMP; improving program efficiencies, by automating FedRAMP documentation; and adapting FedRAMP to support evolving cloud offerings and security policies while focusing on risk management rather than compliance. The road map groups initiatives in six-, 12-, 18- and 24-month intervals.

Employees “going rogue” with corporate data stored in the cloud

Business Cloud News, Wednesday, December 17, 2014

A majority of employees storing corporate data in cloud-based platforms are still able to access those platforms after leaving their job, recently published research suggests. Solving the issue requires more than just deploying single sign-on, particularly as enterprises move away from blocking services to becoming more permissive with what apps are allowed to linger behind the firewall. IT decision makers dealing with the issue have repeatedly said rolling out cloud services that could in some way facilitate data loss requires a large push to educate users.