Microsoft says NSA spying hit trust in the cloud

Grazed from SCMagazine. Author: Doug Drinkwater.

The firm's principal cyber-security strategist Jeff Jones was presenting at the IP Expo Europe exhibition in London on Thursday, where he suggested that the leaks from NSA whistleblower Edward Snowden had impacted the Redmond technology giant and the cloud computing market as a whole.

The firm claims to offer more than 200 cloud service products but has been in the headlines for all the wrong reasons over the last 18 months; first over claims that SkyDrive was continually tapped by the NSA, and then over the US DOJ decision that the government could view information held at its non-US data centres...

DoD hesitant on cloud despite AWS security certifications

Grazed from TechTarget.  Author: Editorial Staff.

Government bureaucracy remains slow-moving despite AWS security certifications that allow the cloud provider to host sensitive data.  Amazon Web Services (AWS) was the first public cloud to receive a provisional authorization from the Department of Defense (DoD) under the Defense Information Systems Agency's Cloud Security Model to host Level 3-5 workloads, in late August. Levels 3-5 refer to unclassified, but highly sensitive data. Level 6, which is still excluded from the provisional authorization, pertains to classified data.

Meanwhile, the DoD is methodical in deploying new technologies, said U.S. Air Force Brigadier General Steve Spano, who now works as Amazon's general manager for defense and national security, in a keynote here this week during the Cloud Computing Association's Cloud Developers Summit and Expo 2014...

Three new (and a few old) cloud computing challenges stymie government rollouts

Grazed from NetworkWorld. Author: Editorial Staff.

In 2012 when the Government Accountability Office reviewed the feds cloud computing effort, it found seven core challenges to moving impeding the administrations’ move toward the cloud. In the two years that have passed, the GAO this week reported that government agency use of cloud computing has grown, but a few new challenges have cropped up that hinder widespread cloud adoption.

Lets start with cloud adoption. The GAO reviewed the same seven agencies in 2014 it had in 2012, including the Departments of Agriculture and Homeland Security. “Each of the seven agencies reviewed implemented additional cloud computing services since GAO last reported on their progress in 2012. For example, since then, the total number of cloud computing services implemented by the agencies increased by 80 services, from 21 to 101...

Virtualization, Cloud Complicate Insider Threats for Federal CIOs

Grazed from CIO. Author: Kenneth Corbin.

Within the federal government, the shift toward virtualization and cloud computing is already well underway, but agency and industry officials warn that those migrations invite new security considerations, particularly in the form of insider threats. Eric Chiu, president of the cloud and virtualization security firm HyTrust, notes the familiar list of arguments in favor of virtualizing servers and systems – lower costs and increased agility and efficiency chief among them – but points out that there are dangers associated with that transition.

"Virtualization also concentrates risk … You're taking what used to be lots of separate physical systems that had their own configurations, their own separate management consoles, their own separate group of experts that managed them, and you're collapsing all that functionality onto a single software layer," Chiu said during a panel discussion hosted by Federal News Radio. "Any virtualization admin can access any VM, could copy any VM, could delete or destroy any VM," he adds. "If you look at today's threat, it's really coming from the inside."...

Federal Cloud Computing Broker Offers Business Advice: Don't Move Everything

Grazed from MidsizeInsider. Author: Doug Bonderud.

While the cloud is a "very viable scenario," there are some things that do not belong in the cloud, such as nuclear command and control, says David Bennett, CIO of the Defense Information Systems Agency (DISA), a Department of Defense cloud computing broker. Sure, midsize companies may not have the power to level nations and scorch the earth, but there is solid advice here — the cloud is ideal for many things, but not for everything.

Shields Up

According to a recent CIO article, Bennett has a message for the leaders of other agencies: "carefully consider which data sources and applications are suitable for a remotely hosted and managed environment." His feeling is that certain assets must stay behind local perimeters. Determining what is suitable for the cloud means taking a hard look at existing data sources and applications to identify "crown jewels" that are better safe than as-a-service. He also calls out the need for continuous monitoring that goes beyond watching data to cover an entire business network, everything from application behavior to bandwidth use to employee activity. And of course, it is critical to have access to this monitoring data in real-time...

Agencies Demand FedRAMP-Approved Cloud Services

Grazed from FedTech. Author: Nicole Blake Johnson.

The Federal Risk and Authorization Management Program has redefined how commercial cloud vendors do business with the government. In many ways, the program has set clear expectations for both agencies and companies by creating a common language and standards for securing cloud-based products and services.

Federal cloud computing has grown into a $3 billion market since the pre-FedRAMP era, when agencies didn’t have a mechanism for certifying if vendors could meet security requirements. Agencies have come a long way since then, and it shows in their solicitations for cloud services. Requests for FedRAMP-approved cloud services have become common...

DISA harnesses the power of the cloud

Grazed from C4ISRNet. Author: Editorial Staff.

The Department of Defense CIO tasked DISA to be the DoD Cloud Broker to make it easier, safer and more productive to navigate, integrate, consume, extend and maintain cloud services, within the department and from other federal and commercial cloud service providers. As the department evolves to meet future requirements and a mounting demand for services and capabilities, DISA is charting the course to develop a robust cloud environment.

Likewise, while the department continues to gain momentum transitioning to a Joint Information Environment (JIE), the agency is acting on the necessity for a more streamlined, centralized, transparent and cost-effective system to fit current and future needs of all DoD agencies. Equally important, the JIE reduces the department’s overall attack surface to ensure secure cloud computing...

Read more from the source @ http://www.c4isrnet.com/article/20140819/C4DISA/308190007/DISA-harnesses-power-cloud

DoD Greenlights Cloud Computing Pilots for Sensitive Military Data

Grazed from FedTechMagazine. Author: Nicole Blake Johnson.

The Defense Department is seriously considering how it can move certain classifications of sensitive data into secure cloud environments operated by private companies. DoD’s acting CIO, Terry Halvorsen, said the department will announce five pilots within the next 20 days. “I won’t give you the exact timeline, but it could be the first of September,” Halvorsen told attendees Wednesday at the Federal Forum conference in Washington, D.C.

Halvorsen’s team received approval to begin testing how DoD can migrate level 3 and level 4 military data to the cloud. These classification levels are for controlled unclassified information (CUI), which includes data that are For Official Use Only (FOUO), Law Enforcement Sensitive (LES) or DoD Unclassified Controlled Nuclear Information...

DoD to release cloud computing pilots by September

Grazed from FederalTimes.  Author: Andy Medici.

The Defense Department will soon be moving some of its data into the cloud as part of a series of pilot projects, acting chief information officer Terry Halvorsen said Aug. 13.  He said at the 2014 Federal Forum in Washington, D.C., that he expects DoD to announce five pilots by Sept. 1 that will expand its efforts to move data into the cloud and has promised his staff a steak dinner when they finalize the pilots.

“I think you will see us announce that fairly quickly going forward,” Halvorsen said.  The Defense Department will start with level three data — sensitive information that is not for the public — and then move on to level four. But the focus will be in what he called semi-private clouds, such as government-only clouds available in the private sector...

Read more from the source @ http://www.federaltimes.com/article/20140813/IT/308130012/DoD-release-cloud-computing-pilots-by-September?odyssey=mod|newswell|text|Departments|p

FTC, SEC put emphasis on cloud-based networks

Grazed from BizJournals. Author: Editorial Staff.

The Federal Trade Commission wants to upgrade its computer networks and software, and the key focus is the cloud — something the Securities and Exchange Commission has used for years, according to Federal News Radio. Federal Trade Commission CIO Bajinder Paul said the agency is interested in how cloud computing can swiftly bring operational capabilities to employees, create a path for innovation and aggregate acquisition initiatives across the agency, according to the report.

Paul said the agency wants better cloud-based data analytics tools to take advantage of enterprise applications that bring in more data. SEC CIO Thomas Bayer said his agency already uses 50 cloud-based applications.