Securing the Cloud @FedScoop CyberSecurity Summit

BobGourley
Last updated: 2011/02/24 at 3:32 PM

This panel featured some heavy hitters from government and industry. It was moderated by Suprotik Ghose, Principal CyberSecurity Strategist, Microsoft.


  • Mike Krieger, CIO of the Army
  • BG Steven Spano, Director of Communications, Air Combat Command, Langley AFB
    • Responsible for operations and communications of 100k Airmen @ Air Combat Control
  • Jeff Casazza, Director of Security, Intel
    • 22 years at Intel, with 10 years at the Data Center group
    • Focused on security technologies and innovation at the Data Center level
  • Michael Howard, Worldwide Manager, Security Solutions, HP
    • Working with threats and risks associated with printing
    • Navy cryptologist experience as well as experience with 3-letter agencies
  • CJ Moses, Senior Manager, Amazon Web Services
    • Senior Manager of security for AWS
    • 17 years federal service as a computer crime investigator, including time @ JTF-CND

    Question # 1: Are we building a cloud infrastructure without thoughts toward security and privacy?

    Michael Howard – Looking at FEDRAMP, HP is working towards fulfilling those requirements to provide a secure cloud environment.

    BG Spano – Looking at past models within DoD/USAF, the solution to challenges was to throw capacity (processing/bandwidth/hardware) at them; now we see that capacity will not solve the complexity problem.  We need to step back to see if security and privacy is a mask for trust and control, or if it is just the step to centrally provided services (cloud).  Do we look at risk management from a defense in depth perspective which is outdated, or completely change the model?  We must look at cloud as not a “where” we do computing, but rather HOW we do computing.

    Jeff Casazza – Intel is focused on creating the foundation for secure solutions.  He often sees that a lot of security technology is ignored by both industry and government for years.  He sees that out of the 1.25M sites available, less than 1% are even using SSL.  There is a need to embrace and adopt simple encryption.  Encryption was often ignored because of alleged difficulties.

    CJ Moses – If the internet was the first generation of advanced IT, and cloud is the second generation, the internet was focused as a communication platform but cloud is not focused the same.  The number one priority for AWS is now security; customer privacy and trust is the key to their services, and communications and capabilities fall under security.

    Mike Krieger – Has three priorities:

    1. Operational effectiveness
    2. Security
    3. IT efficiencies

    The hardest thing he finds is to plan for IT dollars.  Has an agency in DoD building a defense cloud.  Seeing migration issues moving to the cloud.  Hardest thing is to keep the operational effectiveness for mission critical troops while dropping costs and maintaining security.

    Question #2: When applications are moved to cloud, what are some of the considerations that they should have?

    Mike Krieger – Army has 300 data centers which are not connected to DoD/IC 10GB backbone.  Data centers have been built just to create localized efficiencies.  Challenge for CIOs is to put policies in place to kill dead applications, to virtualize them, and then to put them in cloud securely.  One question is what are the policies necessary for movement to cloud.  Need to force authentication or drop applications.  Presidential directive to consolidate data centers creates huge opportunity to clean up and shut down dead applications as they must be moved to data centers.

    CJ Moses – Cloud cannot fix past mistakes.  But when looking at migration, use lessons learned from past mistakes and move forward into a data portability model.  When tied to application specific stovepipe/vertical, there is a worry of vendor lock-in.  Data must be portable, capable of being used in many places, supporting multiple activities.  Every federal agency that AWS has worked with has had this issue.  When building next generation architecture, ensure data will be able to be used across government.

    Jeff Casazza – Open Data Center Alliance: trying to define industry requirements.  Designing the requirements of future private sector (which will be mirrored by public sector).  Key is data portability to prevent stovepipes.  Look to ODCA for standards when defining architecture.

    BG Spano – Cloud is just centralization of services, providing integration, interfacing and agility.  With migration toward hosted e-mail, we must look to other applications across functional boundaries that need e-mail notifications.  Need for agility outreaches the need for efficiency.  Biggest potential up-front is software as a service (SAAS) and thousands of applications possible.  He sees SAAS as the on-ramp towards the cloud.

    Michael Howard – Cloud provides the opportunity to make security a standard for applications.  Applications must reach the security standards before being added to the cloud portfolio.

    Question #3: What are you doing to enable continuous monitoring as outlined in FEDRAMP?

    Jeff Casazza – Chip from the TCG (Trusted Computing Group) consortium checks lower level BIOS and other all-but untouchable capabilities.  Working with RSA and HP to provide continuous monitoring at low level functions.  By checking low level functions, can hit things that are not easily touched by malicious action.

    Mike Krieger – Cannot get to continuous monitoring without 100% visibility of network.  Feels that he is at 70% right now – aims to succeed by end 2011 to achieve this.  Hardest part is creating the aggregation points that are cross-domain.  Using 3 different vendor solutions to aggregate network data – hardest part is SOA to come up with an XML schema (gathering 256 pieces of meta-data for every network access) that can amass data and communicate.  Need to come up with an architecture that is implementable for continuous monitoring.

    BG Spano – Sees continuous monitoring as a trade-off.  Many FISMA requirements are manually intensive to comply with checklists.  Need to spend dollars better to not check boxes, but maintain continuous monitoring (which informs and provides ACTUAL security).

    Questions from audience

    If you had architecture and monitoring in place, could the system not complete the checklists?

    CJ Moses – Continuous monitoring is not new – except in federal space.  On a cloud system, one API call can provide data for completion of checklists.

    Mike Krieger – How do you do API calls to multiple clouds and multiple firewalls?
