DoD eyes trust-but-verify approach to commercial cloud security

Grazed from FederalNewsRadio. Author: Jared Serbu.

The Defense Department is taking a serious look at overhauling its process for accrediting commercial cloud computing products as secure-enough for military use. Among the ideas DoD is considering: Changing its security approach in a way that would give much more weight to the security techniques a company uses instead of whether one of their particular cloud offerings checks all of the security boxes in a fairly static government document.

Within the next several weeks, the Pentagon will announce a working group of DoD and industry security experts charged with improving the existing security and accreditation process for commercial cloud, the latest version of which was published in an updated security requirements guide (SRG) last month. “I think we have reached the point where we can no longer accredit specific hardware or software, we’ve got to accredit the process,” said DoD Chief Information Officer Terry Halvorsen...

Navy set to launch its first ‘cloud store’

Grazed from FederalNewsRadio.  Author: Jared Serbu.

While the Defense Department has made some strides over the past year in simplifying the way it buys cloud computing services, individual DoD components are still, to a large extent, on their own when it comes to picking a provider and shepherding them through the military’s security approval process. The Navy hopes to change that beginning next month with a managed service it’s calling its “Cloud Store.”

Version 1.0 of the store will have a decidedly limited selection: its catalog will include just one provider, Amazon Web Services, leaning on an existing contract the Navy’s Space and Naval Warfare System Command already holds with AWS...

IBM Gains DoD Authorization for Cloud Services

Grazed from eWeek.  Author: Darryl K. Taft.

IBM has announced that the U.S. Defense Information Systems Agency (DISA) has authorized the company to deliver IBM Cloud services at the highest security levels—known as Impact Level 5—for Controlled Unclassified Information as defined by the U.S. Department of Defense.  The DISA authorization enables DoD agencies to take advantage of IBM's cloud offerings to support applications and manage sensitive data. DISA has granted IBM a "conditional authority to operate" IBM Cloud services hosted at the Allegany Ballistics Laboratory data center in West Virginia, which is owned by the Department of the Navy and leased by IBM.

Big Blue says it is the first cloud provider with a direct connection to the DoD's internal network known as the Non-Secure Internet Protocol Router Network (NIPRNet). The authorization granted by DISA will give other DoD agencies the opportunity ultimately to streamline their authorizations by taking advantage of the thorough process DISA followed...

IBM's cloud cleared to hold DOD data at level 5

Grazed from FedScoop. Author: Greg Otto.

IBM’s cloud services have been given the authority to handle Defense Department data at the highest impact level for controlled unclassified information, giving DOD agencies a second commercial option for managing highly sensitive data. IBM Cloud has been granted a conditional authority to operate by the Defense Information Systems Agency, paving the way for the New York-based tech giant to handle data at Impact Level 5.

For the past 18 months, Amazon Web Services has been the only cloud service provider allow to handle all levels of unclassified data. IBM’s cloud is hosted out the Navy-owned Allegany Ballistics Laboratory in West Virginia, giving agencies the option for their own private cloud or hybrid model...

Read more from the source @ http://fedscoop.com/ibm-cloud-impact-level-5-disa-dod-2016

Pentagon Faulted for Not Having a Clear Definition of Cloud Computing

Grazed from FedTech. Author: Phil Goldstein.

The Defense Department does not have a consistent definition for cloud computing or a complete list of cloud computing service contracts, according to a report from the DOD’s inspector general. That makes it impossible for the department to assess the effectiveness of its cloud computing contracts, the report says.

The inspector general’s office, which issued the report in late December, had sought to find out whether its armed services branches and departments “performed a cost-benefit analysis before acquiring cloud computing services” and whether they had “achieved actual savings as a result of adopting cloud services.”...

DoD’s cloud policy rains some risks, IG says

Grazed from FederalNewsRadio. Author: Scott Maucione.

A new Defense Department Inspector General’s report found problems with the Pentagon’s cloud policy that may have monetary and cybersecurity risks. DoD does not maintain a comprehensive list of cloud computing service contracts because the department’s chief information officer failed to establish a standard, department-wide definition for cloud computing. In addition, the DoD CIO did not develop an integrated repository that could provide detailed information used to identify cloud computing service contracts, the report stated.

As a result, DoD has no way of determining if it is actually saving money by migrating to the cloud and may not be able to effectively identify and monitor cloud computing security risks, the report stated. “DoD’s ability to track cloud computing cost savings, and benefits is greatly limited if DoD is not aware what cloud computing service contracts exist within DoD … [and] unless DoD Components accurately classify their information systems as using cloud computing services, DoD CIO will not be aware what security risks are specific to those services,” the report stated...

Read more from the source @ http://federalnewsradio.com/defense/2015/12/dods-cloud-policy-rains-risks/

Cloud computing takes the lead in government IT spending

 Grazed from UnicomGov.  Author:  Editorial Staff.

The U.S. government has been pushing its cloud-first agenda hard in the past few years in an attempt to improve data center consolidation efforts as well as collaboration between government agencies. In 2011, The Federal Cloud Strategy proposed allocating $20 billion of the total $80 billion IT spend on cloud computing.

Since the release of the report, there have been numerous barriers to adoption, namely distrust of cloud computing among many federal agencies – despite repeated proclamations from federal CIO Tony Scott that cloud computing is safe.   A new study reveals that this may change in the not-too-distant future...

What the FCC can teach other feds about moving to the cloud

Grazed from FedScoop. Author: Greg Otto.

The on-premise data centers at the Federal Communication Commission’s headquarters are a mess. Wires are hanging out of the floor, discarded monitors are strewn about and server racks are all out of place. FCC chief information officer David Bray loves this mess. It means the agency’s data center is empty and the move to the cloud was successful.

There was a time over this past Labor Day weekend where it looked like that move could have been a failure. During the process of moving 200 servers and 60 racks to a commercial data center in West Virginia, Bray’s team of agency IT staff and contract workers rescued the project after spending 55 consecutive hours replacing all the cabling necessary to turn the system back on...

Cloud security challenges prevent greater federal adoption, new survey finds

Grazed from FierceGovernmentIT. Author: Molly Bernhart Walker.

The vast majority of federal IT workers value security over employee convenience, and even though many believe cloud computing improves employee productivity, it's not enough of a benefit to trump the related security challenges. According to a new survey from Dimensional Research and Dell, 89 percent of survey respondents said they valued security versus 11 percent of employees who said they prized convenience.

Seventy-one percent think cloud improves productivity, while 79 percent think the cloud's security challenges prevent greater adoption. The poll, published Sept. 9, surveyed 150 federal IT professionals with more than 1,000 employees at their organizations. It was part of a broader global IT study that included public and private sector IT professionals...

US Air Force Takes To The Cloud With Office 365

Grazed from TechAeris.  Author: John Vincent.

The United States Air Force. Cloud computing. The pun-filled headlines virtually write themselves. However we’ll try to refrain from being too punny.  Last week, the Air Force, in partnership with the Defense Logistics Agency (DLA), announced that it awarded more than 100,000 seats of a Department of Defense dedicated version of Microsoft Office 365 to Microsoft, Dell and General Dynamics.
As part of the deployment, which will begin in the next government fiscal year, the Air Force will have access to secure e-mail, calendaring, Office Web Applications, Skype for Business, and other important collaboration tools, helping the agency communicate more easily across active, civilian, and reserve personnel and move toward a consolidated mobile and messaging platform. Just as important, the Air Force anticipates that the migration will help it realign critical resources to better support its mission in a trusted cloud environment...