NIST marks top security requirements for government cloud

Grazed from GCN. Author: William Jackson.

Cloud computing offers both unique advantages and challenges to government users. The advantages are well-advertised: Greater efficiency, economy and flexibility that can help agencies meet rapidly changing computing needs quickly and cheaply while being environmentally friendly.

Among the challenges, security is the most commonly cited concern in moving mission-critical services or sensitive information to the cloud. To address this, a recently released roadmap from the National Institute of Standards and Technology recommends a plan to ensure cloud offerings meet government security needs while being flexible enough to adapt to the policies and requirements of multiple tenants, including foreign governments...

DoD's new cloud policy coming in two weeks

Grazed from FederalTimes. Author: Aaron Boyd.

The Department of Defense will be releasing an updated cloud computing policy within the next two weeks, acting department CIO Terry Halvorsen said Thursday. The re-write of the 2012 policy is intended to speed up the procurement process by giving more purchasing authority to individual agencies.

“I was not really thrilled with the original cloud policy that came out,” Halvorsen said. “Mostly because I don’t think we were getting the cloud fast enough.” Noting that you should be careful what you wish for, Halvorsen was tasked with revamping the existing policy to speed up the process without sacrificing agencies’ strict security needs...

FBI moves to expand computer search powers, complicating Microsoft's push to protect overseas cloud customers

Grazed from GigaOM. Author: Jeff John Roberts.

Microsoft is in the midst of a defiant stand against the federal government, insisting that a U.S. search warrant can’t force it to turn over emails located on a server in Ireland. The company has even taken the unusual step of opening itself to a contempt of court order, as part of a larger plan to reassure cloud computer customers in other countries that their data is safe from U.S. surveillance.

But now Microsoft’s high-profile legal campaign, which has received support from the likes of Apple and Cisco, could get undercut from another quarter: the FBI is quietly lobbying Congress to rewrite the rules for search warrants in order to expand their reach. If the lawmakers agree, this would mean that “searches” authorized by American judges would no longer be restricted to a specific geographic location in the United States (which is how search warrants typically work.)...

DOD's Vision for a Commercial Cloud Ecosystem

Grazed from FedTechMagazine. Author: Nicole Blake Johnson.

There was a time when Defense Department officials balked at the idea of integrating commercial cloud services with military networks, let alone hosting sensitive data in a contractor-owned facility. But those sentiments are evolving, along with the options DOD is considering for developing a commercial cloud ecosystem for its users.

The department is exploring two private cloud deployment models that would put commercial cloud technologies in DOD data centers or adjacent to them, the Defense Information Systems Agency noted in a request for information last month. As the entity charged with tracking how DOD operates cloud connection points and what technology is operating across the network, DISA is exploring those models' viability and whether they warrant a request for proposal to industry...

DISA in Compliance with Cloud Security Standards

Grazed from NextGov. Author: Editorial Staff.

The Defense Information Systems Agency currently offers its military customers certified cloud computing services from three vendors and has another seven under assessment for compliance with governmentwide security standards, top agency officials told Nextgov. FedRAMP reviews aim to speed the adoption of cloud deployments across government by allowing cloud services to be vetted once – at a particular security level – and then deployed by a multitude of agencies. Agencies must comply with FedRAMP as a matter of federal policy.

But as noted in a recent review from the Council of Inspectors General on Integrity and Efficiency, neither the FedRAMP program office nor the Joint Authorization Board -- made up of the chief information officers of General Services Administration and the departments of Defense and Homeland Security -- can force agencies to comply with FedRAMP...

Regulation Lagging for Cloud-Based Government Data

Grazed from CorpCounsel. Author: Marlisse Silver Sweeney.

It seems that government-based auditors and general counsel may have their heads in the clouds, at least with respect to accessing data that’s stored there, according to Sandra Jontz in Insurance News Net. She says the U.S. government’s rush to adopt cloud-computing technologies “left policy aperture fraught with challenges that caught some agencies unprepared—particularly adjuncts in inspector general and general counsel offices.”

Take, for instance, the Office of Management and Budget. Its policies require agencies to adopt “cloud-first” technology. Yet the same policies don’t provide contract language guaranteeing GCs will have access to the data stored by these commercial cloud services for internal investigations, says Jontz...

Microsoft says NSA spying hit trust in the cloud

Grazed from SCMagazine. Author: Doug Drinkwater.

The firm's principal cyber-security strategist Jeff Jones was presenting at the IP Expo Europe exhibition in London on Thursday, where he suggested that the leaks from NSA whistleblower Edward Snowden had impacted the Redmond technology giant and the cloud computing market as a whole.

The firm claims to offer more than 200 cloud service products but has been in the headlines for all the wrong reasons over the last 18 months; first over claims that SkyDrive was continually tapped by the NSA, and then over the US DOJ decision that the government could view information held at its non-US data centres...

Three new (and a few old) cloud computing challenges stymie government rollouts

Grazed from NetworkWorld. Author: Editorial Staff.

In 2012, when the Government Accountability Office reviewed the feds' cloud computing effort, it found seven core challenges impeding the administration’s move toward the cloud. In the two years that have passed, the GAO this week reported that government agency use of cloud computing has grown, but a few new challenges have cropped up that hinder widespread cloud adoption.

Let's start with cloud adoption. The GAO reviewed the same seven agencies in 2014 it had in 2012, including the Departments of Agriculture and Homeland Security. “Each of the seven agencies reviewed implemented additional cloud computing services since GAO last reported on their progress in 2012. For example, since then, the total number of cloud computing services implemented by the agencies increased by 80 services, from 21 to 101...

CIO of Defense Department Agency Cautions Against Rush to Cloud

Grazed from CIO. Author: Kenneth Corbin.

For all the enthusiasm surrounding the government's move to the cloud – and there's no shortage – one prominent federal CIO is emphatic that cloud computing, for all its virtues, is no panacea for the government's technology challenges. That would be David Bennett, CIO at the Defense Information Systems Agency, or DISA.

At a government IT conference hosted by the tech consortium MeriTalk, Bennett acknowledged that "the cloud is a very viable scenario" for the feds, but he urges CIOs and other agency leaders to carefully consider which data sources and applications are suitable for a remotely hosted and managed environment...

Cloud Computing: DOD Deputy CIO - 'Cybersecurity should vary by mission'

Grazed from FCW. Author: Colby Hochmuth.

No "one size fits all" at the Pentagon. The different levels of mission risk at the Defense Department have posed a major challenge to building out DOD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, the department is working to make distinctions on the varying levels of risk by mission in order to make better decisions.

"Cybersecurity should vary by mission," Hale said in his keynote at the MeriTalk Cloud Computing Brainstorm event in Washington, D.C., on Sept. 10. "I shouldn’t spend as much money on morale and welfare website as I do on nuclear command control, it doesn’t make any sense."...