IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.
The Chertoff Group
Friday, November 01, 2013
Within the next year the Federal government will adopt a broad Framework of recommended cybersecurity programs that private sector actors and cloud service providers will be asked to voluntarily adopt. Underlying that Framework is an “incentive” structure that, for all practical purposes, may convert these voluntary standards into de facto mandatory industry requirements.
Wednesday, August 14, 2013
The term demilitarized zone (DMZ) has long been used to describe an area where no military equipment or personnel are allowed, in order to help prevent conflict between two nations. This is the case on the 38th parallel that separates North and South Korea. Computer network designers took this same concept and developed a computing solution that creates a safe zone between an organization’s computer network and the public Internet.
Friday, July 26, 2013
A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud (June 2013) (sponsored by WatchDox), reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including finance, retail, technology, communications, education, healthcare, and public sector, among others. The results are quite startling.
The Chertoff Group
Wednesday, July 10, 2013
In February 2013, President Obama issued an Executive Order intended to strengthen cybersecurity in America. The order was, and remains, controversial for a number of reasons. But, perhaps the most remarkable thing about the order is that cloud service providers – like Google, Amazon and Microsoft – are all exempt from most of the provisions of the order. In some ways, this is a bit like devising a set of rules for the safety of automobiles, but excluding the engine block from the regulation. This decision is odd, at best, and quite possibly a source of cyber insecurity.
Wednesday, May 29, 2013
When global information and analytics provider IHS Inc. lost several terabytes of information regarding U.S. chemical, biological, radiological and nuclear materials to an Iranian hacking group this past February, the company had no way of quickly and securely communicating the incident to the appropriate government agencies. This inability of companies to easily share cyber threat information with the government and other businesses is a key barrier to protecting our nation against ever-increasing internet-based attacks.
The American public is waking up to a reality that many in government have known for some time — the threat of cyber espionage and intrusions, particularly from China. For years, many have identified significant efforts being mounted by Chinese actors to exploit vulnerabilities in cyber systems developed and deployed in America and the West. But only recently have those efforts emerged publicly.
Monday, April 01, 2013
Current US law and government IT policy take a limited view of the potential conflicts between existing government information privacy and security standards and actual vendor data collection practices. As a result, procurement requirements lack appropriate risk-management and enforcement mechanisms. Given the proliferation of data collection practices in Internet services companies, government IT leaders should more directly define the parameters of government data ownership in government IT policy and procurement guidance. Government should also better educate employees and govern the use of Internet-based services on government-owned systems.
Wednesday, March 27, 2013
In federal information technology circles, it's become a truism that agencies spend way too much time and effort doing paperwork in pursuit of cybersecurity and not nearly enough on constantly keeping watch over systems and implementing best practices in real-time to make sure those systems are actually better secured than they were the day before. A new report offers a roadmap that purports to offer ways to implement measures that measure cybersecurity outcomes rather than just processes, while recognizing that no two agencies have the exact same risk profile.
Ryan McDermott, FierceGovernmentIT, Wednesday, March 27, 2013
Agencies must establish a unique baseline threat assessment and automate monitoring to ensure good cybersecurity, says a SafeGov report (.pdf) released Tuesday.
Amber Corrin, Federal Computer Week, Wednesday, March 27, 2013
White House efforts to better protect the networks of government agencies and critical infrastructure operators have been described as a down payment on federal cybersecurity, but with fast-moving threats and continued intrusions, officials are looking for ways to get more secure more quickly.