By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    construction analytics
    5 Benefits of Analytics to Manage Commercial Construction
    5 Min Read
    benefits of data analytics for financial industry
    Fascinating Changes Data Analytics Brings to Finance
    7 Min Read
    analyzing big data for its quality and value
    Use this Strategic Approach to Maximize Your Data’s Value
    6 Min Read
    data-driven seo for product pages
    6 Tips for Using Data Analytics for Product Page SEO
    11 Min Read
    big data analytics in business
    5 Ways to Utilize Data Analytics to Grow Your Business
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Securing the Cloud @FedScoop CyberSecurity Summit
Share
Notification Show More
Latest News
cloud-centric companies using network relocation
Cloud-Centric Companies Discover Benefits & Pitfalls of Network Relocation
Cloud Computing
construction analytics
5 Benefits of Analytics to Manage Commercial Construction
Analytics
database compliance guide
Four Strategies For Effective Database Compliance
Data Management
Digital Security From Weaponized AI
Fortifying Enterprise Digital Security Against Hackers Weaponizing AI
Security
DevOps on cloud
Optimizing Cost with DevOps on the Cloud
Development
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Cloud Computing > Securing the Cloud @FedScoop CyberSecurity Summit
Cloud ComputingSecurity

Securing the Cloud @FedScoop CyberSecurity Summit

BobGourley
Last updated: 2011/02/24 at 3:32 PM
BobGourley
8 Min Read
SHARE
- Advertisement -

This panel featured some heavy hitters from government and industry.  This was moderated by Suprotik Ghose, Principal CyberSecurity Strategist, Microsoft.

- Advertisement -

More Read

cloud-centric companies using network relocation

Cloud-Centric Companies Discover Benefits & Pitfalls of Network Relocation

Fortifying Enterprise Digital Security Against Hackers Weaponizing AI
Optimizing Cost with DevOps on the Cloud
Cloud Technology Advances Make Telecommuting Highly Viable
How to Plan a Cybersecurity Strategy for Your Small Business

This panel featured some heavy hitters from government and industry.  This was moderated by Suprotik Ghose, Principal CyberSecurity Strategist, Microsoft.

  • Mike Krieger, CIO of the Army
    • BG Steven Spano, Director of Communications, Air Combat Command, Langley AFB
      • Responsible for operations and communications of 100k Airmen @ Air Combat Control
    • Jeff Casazza, Director of Security, Intel
      • 22 years at Intel, w/ 10 years at Data Center group.
      • Focused on security technologies and innovation at the Data Center level
    • Michael Howard, Worldwide Manager, Security Solutions, HP
      • Working with threats and risks assigned with printing
      • Navy cryptologist experience as well experience with 3-letter agencies
    • CJ Moses, Senior Manager, Amazon Web Services
      • Senior Manager of security for AWS
      • 17 years federal service as a computer crime investigator including time @ JTF-CND

    Question # 1: Are we building a cloud infrastructure without thoughts toward security and privacy?

    Michael Howard – looking at FEDRAMP, HP is working towards fulfilling those requirements to provide secure cloud environment.

    - Advertisement -

    BG Spano – looking at past models w/n DoD/USAF, solution to challenges was to throw capacity (processing/bandwidth/hardware), now we see that capacity will not solve complexity problem.  We need to step back to see if security and privacy is a mask for trust and control, or if it is just the step to centrally provided services (cloud).  Do we look at risk management from a defense in depth perspective which is outdated, or completely change the model?  We must look at cloud as not a “where” we do computing, but rather HOW we do computing.

    Jeff Casazza – Intel is focused on creating the foundation for secure solutions.  He often sees that a lot of security technology is ignored by both industry and government for years.  He sees that out of the 1.25M sites available, less than 1% are even using SSL.  There is a need to embrace and adopt simple encryption.  Encryption was often ignored because of alleged difficulties

    CJ – if the internet was the first generation of advanced IT, and cloud is the second generation – the internet was focused as a communication platform but cloud is not focused the same.  The number one priority for AWS is now security, customer privacy and trust is the key to their services, communications and capabilities fall under security.

    Mike Krieger – Has three priorities;

    1. Operational effectiveness
    2. Security
    3. IT efficiencies

    The hardest thing he finds is to plan for IT dollars.  Has an agency in DoD building a defense cloud.  Seeing migration issues moving to the cloud.  Hardest thing is to keep the operational effectiveness for mission critical troops while dropping costs and maintaining security.

    - Advertisement -

    Question #2: When applications are moved to cloud, what are some of the considerations that they should have?

    Mike Krieger – Army has 300 data centers which are not connected to DoD/IC 10GB backbone.  Data centers have been built just to create localized efficiencies.  Challenge for CIOs is to put policies in place to kill dead applications, to virtualize them, and then to put them in cloud securely.  One question is what are the policies necessary for movement to cloud.  Need to force authentication or drop applications.  Presidential directive to consolidate data centers creates huge opportunity to clean up and shut down dead applications as they must be moved to data centers.

    CJ Moses – Cloud cannot fix past mistakes.  But when looking at migration, use lessons learned from past mistakes and move forward into a data portability model.  When tied to application specific stovepipe/vertical, there is a worry of vendor lock-in.  Data must be portable, capable of being used in many places, supporting multiple activities.  Every federal agency that AWS has worked with has had this issue.  When building next generation architecture, ensure data will be able to be used across government.

    Jeff Casazza – Open Data Center Alliance: trying to define industry requirements.  Designing the requirements of future private sector (which will be mirrored by public sector).  Key is data portability to prevent stovepipes.  Look to ODCA for standards when defining architecture.

    BG Spano – Cloud is just centralization of services, providing integration, interfacing and agility.  Migration toward hosted e-mail, must look to other applications across functional boundaries that need e-mail notifications.  Need for agility outreaches the need for efficiency.  Biggest potential up-front is softwareas a service (SAAS) and thousands of applications possible.  He sees SAAS as the on-ramp towards the cloud.

    - Advertisement -

    Michael Howard – Cloud provides the opportunity to make security a standard for application.  That applications must reach the security standards before being added to the cloud portfolio.

    Question #3: what are you doing to enable continuous monitoring as outlined in FEDRAMP?

    Jeff Casazza – Chip from TCG (trusted computer group) consortium checks lower level BIOS and other all-but untouchable capabilities.  Working w/ RSA + HP to provide continuous monitoring at low level functions.  By checking low level functions, can hit things that are not easily touched by malicious action.

    Mike Krieger – cannot get to continuous monitoring without 100% visibility of network.  Feels that he is at 70% right now – aims to succeed by end 2011 to achieve this.  Hardest part is creating the aggregation points that are cross-domain.  Using 3 different vendor solutions to aggregate network data – hardest part is SOA to come up w/ XML schema (gathering 256 pieces of meta-data for every network access) that can amass data and communicate.  Need to come up with an architecture that is implementable for continuous monitoring.

    BG Spano – Sees continuous monitoring as a trade-off.  Many FISMA requirements are manually intensive to comply with checklists.  Need to spend dollars better to not check boxes, but maintain continuous monitoring (which informs and provides ACTUAL security).

    - Advertisement -

    Questions from audience

    If you had architecture and monitoring in place, could not system complete checklists?

    CJ Moses – Continuous monitoring is not new – except in federal space.  On a cloud system, one API call can provide data for completion of checklists.

    Mike Krieger – how do you do API calls to multiple clouds and multiple firewalls?

    Related posts:

    1. Attend FedScoop CyberSecurity Summit
    2. Live from the Gov 2.0 Expo – Finding Value in the Cloud
    3. Some thoughts informed by a Cloud Summit

     

    BobGourley February 24, 2011
    Share this Article
    Facebook Twitter Pinterest LinkedIn
    Share
    - Advertisement -

    Follow us on Facebook

    Latest News

    cloud-centric companies using network relocation
    Cloud-Centric Companies Discover Benefits & Pitfalls of Network Relocation
    Cloud Computing
    construction analytics
    5 Benefits of Analytics to Manage Commercial Construction
    Analytics
    database compliance guide
    Four Strategies For Effective Database Compliance
    Data Management
    Digital Security From Weaponized AI
    Fortifying Enterprise Digital Security Against Hackers Weaponizing AI
    Security

    Stay Connected

    1.2k Followers Like
    33.7k Followers Follow
    222 Followers Pin

    You Might also Like

    cloud-centric companies using network relocation
    Cloud Computing

    Cloud-Centric Companies Discover Benefits & Pitfalls of Network Relocation

    5 Min Read
    Digital Security From Weaponized AI
    Security

    Fortifying Enterprise Digital Security Against Hackers Weaponizing AI

    11 Min Read
    DevOps on cloud
    Development

    Optimizing Cost with DevOps on the Cloud

    7 Min Read
    landscape marketing secrets
    Cloud Computing

    Cloud Technology Advances Make Telecommuting Highly Viable

    5 Min Read

    SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

    AI chatbots
    AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
    Chatbots
    ai in ecommerce
    Artificial Intelligence for eCommerce: A Closer Look
    Artificial Intelligence

    Quick Link

    • About
    • Contact
    • Privacy
    Follow US

    © 2008-23 SmartData Collective. All Rights Reserved.

    Removed from reading list

    Undo
    Go to mobile version
    Welcome Back!

    Sign in to your account

    Lost your password?