The DOD's New Cloud Security Requirements: What Hosts Should Know

Grazed from Datamation. Author: Editorial Staff.

Towards the middle of January, the Defense Information Systems Agency - a subdivision of the United States Department of Defense - released a new cloud computing security requirements guide, which we first heard talk of back in November. The primary purpose of this SRG is to make the process of acquiring commercial cloud services more efficient for DoD agencies (without undermining security, of course). Not surprisingly, this means that the SRG effectively renders obsolete the DoD’s original Cloud Security Model, under which only a few select vendors received authorization.

“In plain language, the new guide explains that components “remain responsible for determining what data and missions are hosted” by cloud service providers,” writes Frank Konkel of Nextgov. “Each use of cloud services will also require an enterprise IT business case analysis, with each analysis required to consider DISA-provided cloud services such as DISA’s milCloud offering.”...

For NOAA, flexible cloud enables mammoth computing

Grazed from FCW. Author: Zach Noble.

Sometimes less is more. Sometimes more is more. Sometimes you just don’t know which will be which ahead of time – and flexibility is king. Producing 20 terabytes of data every day, the National Oceanic and Atmospheric Administration is a prime example of the need for flexibility.

And through its Big Data Project, NOAA’s bringing private-sector ingenuity to bear on the age-old problem: How can government get its work into the hands of the people who want it? Making data public is embedded in NOAA’s history, but that doesn’t mean the organization is fully equipped to disseminate that data on its own, Alan Steremberg, NOAA’s big data-focused Presidential Innovation Fellow, said at AFCEA Bethesda’s June 30 Data Symposium. Steremberg would know...

Read more from the source @ http://fcw.com/articles/2015/07/02/flexible-cloud-computing.aspx

Healthcare.gov's success on AWS inspires federal cloud use

Grazed from TechTarget.  Author: Beth Pariseau.

The United States federal government is moving beyond high-level cultural concerns as it looks to catch up to the private sector in cloud computing.  Instead of conversations about culture, this week's Amazon Web Services Public Sector Symposium here featured discussions about legislation and regulatory initiatives that are in the works to connect the federal government to public cloud.

Federal government poster children were paraded before the crowd at a keynote presentation with tales of success in the trenches with cloud computing -- including Healthcare.gov.  The site famously experienced freezes, crashes and other glitches when it first opened to the public in October 2013...

Cloud Computing: The Army and the new DoD cyber strategy

Grazed from FederalTimes. Author: Robert Ferrell.

Secretary of Defense Ash Carter unveiled the new Department of Defense Cyber Strategy in an address at Stanford University in Silicon Valley, California, April 23, 2015. An update to the original strategy released in 2011, it identifies specific cyber missions for DoD and sets strategic goals to achieve over the next five years and beyond.

These missions and goals will guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. I encourage all to familiarize themselves with the new DoD strategy to gain a better understanding of how it will inform the Army's mission, priorities and way-ahead...

Study Finds Only 41 Percent Of Feds Consider Cloud Part Of Overall IT Strategy

Grazed from BSMinfo. Author: Christine Kern.

A study by Meritalk finds, despite a majority (62 percent) of federal agencies in 2010 that reported they would move to cloud-based computing within five years, in a recent poll, just 41 percent of Feds see cloud as an integral component of their overall IT strategy. This latest study demonstrates that, despite the potential savings of $18.9 billion annually, federal agencies are dragging their feet in the migration to cloud services.

In the 2010 survey, just 5 percent stated that they did not intend to ever migrate to cloud services, while 19 percent predicted a shift within two years. Despite the best efforts of cloud vendors, 89 percent of federal agencies polled report being apprehensive about moving IT services and applications to the cloud, and only 51 percent have utilized cloud-only for a limited number of specific applications...

In line with DoD CIO, Army pushes forward with new cloud policy

Grazed from Amber Corrin.

In line with broader Defense Department initiatives, the Army expects to soon release a new commercial cloud services provider policy that will outline service-specific acquisition requirements and provide further details about the Army's growing use of the commercial cloud.

"Transitioning to cloud-based solutions and services advances the Army's long-term objective to reduce our ownership, operation and sustainment of hardware and other commoditized information technology," Gary Wang, Army deputy CIO/G-6, wrote in an April 2 blog post. "Procuring these capabilities as services will allow the Army to focus resources more effectively to meet evolving mission needs."...

'War game' will determine if DoD can share well with others in the cloud

Grazed from FierceGovernmentIT. Author: Molly Bernhart Walker.

The Defense Department is pushing ahead with a plan that would permit commercial cloud computing providers operating in DoD facilities to serve non-federal government clients. So far, the department allows at least one commercial cloud provider to operate in Defense-owned and operated facility.

But the latest idea – described as a "commercial cloud distribution center" by DoD Chief Information Officer Terry Halvorsen – would take the operation a step further by allowing the data of clients like financial institutions on commercial clouds at DoD facilities. DoD has received several "very attractive" proposals, said Halvorsen during a March 18 press briefing, and the department will soon "walk through a war game of those proposals."...

Read more from the source @ http://www.fiercegovernmentit.com/story/war-game-will-determine-if-dod-can-share-well-others-cloud/2015-03-19

Is cloud computing secure enough for spies? CIA bets on Amazon

Grazed from ZDNet. Author: Steven J. Vaughan-Nichols.

When you think spy agencies and the cloud, you probably think about the National Security Agency (NSA) snooping on the cloud. Well, guess what? Intelligence agencies use the cloud for their own IT as well. Or, at least the Central Intelligence Agency (CIA), aka the Company, does with its own private Amazon cloud.

Why would the CIA do this? Well, as Michael McConnell, former director of the National Security Agency, said in 2012, "The economics of the cloud are so compelling they can't be denied. [But,] we have to get the security aspects right." So while I'm sure the CIA's cloud takes the notion of a private cloud to new levels, it's not going to share its cloud security secrets...

CIA claims its Amazon Web Services cloud is at ‘final operational capability’

Grazed from CloudComputing.Net.  Author:  James Bourne.

It was one of the most fascinating battles of 2013: who would win the lucrative CIA cloud computing contract? Two horses were in the race, Amazon Web Services (AWS) and IBM; and it was the former who eventually came out on top despite appeals from the latter.  Now, according to CIA chief information officer Doug Wolfe, the AWS cloud has attained “final operational capability”.

As reported by Enterprise Tech, Wolfe told delegates at an industry event this week the CIA cloud would be “offset” on a private security network, and AWS had “made a big investment” in the project.  The AWS cloud will be unleashed across 17 US intelligence agencies according to the report, with Wolfe noting the CIA was “behind where [they] hoped to be” in terms of cloud adoption...

DoD accelerates security rules for cloud computing

Grazed from FederalRadioNews. Author: Jared Serbu.

The Pentagon is already working on changes to federal acquisition rules which would require stepped-up notification procedures when private companies hosting DoD data have their systems penetrated by hackers. But the department evidently feels a sense of urgency about those rules when it comes to its still-emerging use of cloud computing.

On Feb. 8, DoD published a class deviation — a sparsely-used procedure that lets the department implement regulatory changes immediately — telling all of its contracting officers that if they are purchasing anything remotely resembling cloud computing services, they must follow new procedures the DoD CIO laid out last month in its new security requirements guide for cloud computing...

Read more from the source @ http://www.federalnewsradio.com/1323/3805533/DoD-accelerates-security-rules-for-cloud-computing