Government

DISA releases new security guide for cloud computing

Grazed from DefenseSystems. Author: Kevin McCaney.

The Defense Information Systems Agency has released its new security requirements guide for cloud computing, which is intended to make it easier—and quicker—for Defense Department agencies to procure commercial cloud services while still ensuring security. The new SRG puts out to pasture the Cloud Security Model, under which only a handful of vendors had received authorization, and more closely follows the Federal Risk and Authorization Management Program used by civilian federal agencies—although it does set additional requirements in areas where extra security is needed. In many cases, cloud providers will seek to comply with the SRG in coordination with their FedRAMP reauthorization.

"The SRG is designed to ensure that DOD can attain the full economic and technical advantages of using the commercial cloud without putting the department’s data and missions at risk," Mark Orndorff, DISA Risk Management Executive, said in a statement. The new guide sets the security requirements for information up to the Secret classification, sets standards for what systems or information can be handled in a virtual environment and what data should be physically separated, and tweaks the impact levels identified under the old Cloud Security Model...

BrightLine to Exhibit at the Federal Cloud Computing Summit

Grazed from MarketWire. Author: PR Announcement.

BrightLine CPAs & Associates, Inc., a leading provider of cloud computing compliance and attestation reporting services, will be a sponsor and exhibitor at the Federal Cloud Computing Summit. The event, scheduled for January 14-15, will take place at the Marriott Metro Center in Washington, D.C. BrightLine professionals will be on-hand to discuss compliance initiatives, including FedRAMP and FISMA as well as complementary assessment programs such as SSAE 16, SOC 2/3, ISO, PCI, and the Cloud Security Alliance STAR Certification and Attestation programs.

The Federal Cloud Computing Summit provides Federal Government and private sector technology subject matter experts an opportunity to discuss the latest tools, trends and strategies driving the adoption of mobile, cloud, virtualization and big data technologies throughout the government. The sessions provide collaboration and learning through panel discussions, round table discussions, breakout sessions and a showcase featuring demonstrations of cutting-edge technology and professional services.

Cloud Computing: DISA Aims for Next-Generation System to Secure Millions of Connected Devices

Grazed from NextGov. Author: Editorial Staff.

The Defense Information Systems Agency is turning to industry for “novel” approaches to secure the millions of devices plugged in -- and virtually connected -- to the Pentagon’s computer networks. A Jan. 5 request for information queries contractors on a “next-generation” endpoint security system that would allow the agency to better configure, secure and keep tabs on network endpoints all using a central management tool.

Put simply, endpoints are all those devices -- desktops, laptops, mobile devices, servers -- connected to DOD’s networks. All told, there are 4 million of them. Endpoint security, then, describes the process of safeguarding those devices -- usually through software, such as antivirus and firewall protections...

Cloud companies will grapple with increasing government privacy regulations, says Porticor: 2015 Tech Predictions

Grazed from SiliconAngle.  Author: Suzzane Kattau.

In 2015, more companies will migrate their compliant data to the cloud, there will be more cloud-targeted attacks by hackers or countries, and more U.S. cloud computing companies will deal with increasing European privacy regulations. This is all according to Ariel Dan, Executive VP and co-founder of Porticor Ltd., a cloud encryption and cloud security solutions provider for enterprises and small to medium-sized businesses (SMBs).

Dan’s predictions about enterprise cloud are all part of our second annual Technology Predictions series in which industry experts share their predictions with us about the hot tech trends that they think will take center stage in 2015. We’ll be sharing all of their predictions with you over the next couple of days. Read on for more from Dan...

Cloud Computing: Microsoft Azure Government Comes Out Of Preview

Grazed from TechCrunch.  Author: Frederic Lardinois.

Microsoft today announced that its Azure Government cloud computing service for federal, state, local and tribal U.S. governments is now generally available after more than a year of being in preview. This means the service is now open to all U.S. government customers. There are no more preview programs and the service is also now open for all workloads.

By default, Azure Government ensures that all data stays within the U.S. and within data centers and networks that are physically isolated from the rest of Microsoft’s cloud computing solution. It’s in compliance with FedRAMP, a mandatory government-wide program that prescribes a standardized way to carry out security assessments for cloud services...

Pentagon falling short on cloud strategy

Grazed from FCW. Author: Sean Lyngaas.

The Defense Department might be missing out on benefits of the cloud and increasing the risk from cyber threats because of flawed implementation of its cloud-computing strategy, an inspector general report has found. The DOD IG reviewed three cloud contracts from October 2013 to September 2014 and found that DOD authorities did not get the waivers they needed to use a non-DOD-approved cloud service provider because DOD's CIO "did not develop an implementation plan that included assignment of roles and responsibilities and associated tasks, resources and milestones," the report states.

Furthermore, auditors said the CIO did not have a detailed written process in place for getting a waiver. The department also has provided insufficient training to acquisition and contract specialists who buy cloud services, states the report, which was published Dec. 4...

Read more from the source @ http://fcw.com/articles/2014/12/05/dod-ig-cloud-report.aspx

New DoD cloud policy delayed

Grazed from FederalTimes. Author: Aaron Boyd.

The Department of Defense’s new cloud procurement policy — orignally promised for mid-November — is now slated to be released in December, according to a spokesperson from the DoD Office of the Chief Information Officer. In an effort to speed the department’s move to cloud computing, the new policy will divest authority from the Defense Information System Agency to the contracting officers at each branch and agency within DoD.

Before issuing the policy, a memo has been circulating among the component agencies for review, a process that is still ongoing. Despite minor delays, the policy should be signed and released in early December, sooner than later, according to the DoD representative...

Read more from the source @ http://www.federaltimes.com/article/20141202/FEDIT01/312020017/New-DoD-cloud-policy-delayed

Here's What the Rewrite of DOD's Cloud Strategy Will Look Like

Grazed from NextGov. Author: Editorial Staff.

An update to the Defense Department’s cloud computing strategy aims to decentralize the process for purchasing commercial cloud solutions away from the Defense Information Systems Agency and toward individual agencies, according to a draft document of the retooled cloud strategy obtained by Nextgov.

The 46-page draft document has not been released publicly and is subject to change, according to a DOD spokeswoman. DOD acting Chief Information Officer Terry Halvorsen alluded to its pending release in a recent speech. The new strategy, “DOD Cloud Way Forward,” describes a “cradle-to-grave process” that service providers and customers can follow to get DOD computing to the cloud...

GSA engages industry on special cloud acquisition category

Grazed from FedScoop.  Author: Billy Mitchell.

The emergence of cloud computing as a high-demand IT solution hasn’t been the clearest in terms of procurement. But now that it appears the technology is here to stay, the General Services Administration wants to create a cloud category in the federal government’s largest acquisition vehicle to make it easier to find and buy.

GSA hosted an onsite industry day Tuesday soliciting feedback from vendors on its proposed addition of a special item number (SIN) for cloud computing to its IT Schedule 70 acquisition vehicle...

Cloud Consistency: The U.S. Government Cloud Computing Technology Roadmap

Grazed from MSPMentor.  Author: Michael Brown.

The National Institute of Standards and Technology (NIST) released its final version of the US Government Cloud Computing Technology Roadmap, Volumes I and II recently. The roadmap provides international guidelines, objectives and “Priority Action Plans” for cloud computing, with the hope of improving cybersecurity for the United States' critical infrastructure and individual organizations.

Taking into consideration over 200 comments from other nations worldwide, this document covers a wide range of relevant ideas, challenges and recommendations related to cloud management and deployment. But is there really a point in trying to impose standards and define a technology that is still at the very beginning stages of its evolution?...