DSB task force urges security mandates for DoD cloud computing

March 11, 2013 Off By David

Grazed from FierceGovernmentIT. Author: David Perera.

Cloud computing adoption within the Defense Department will require establishment of clear security mandates, says a report from a Defense Science Board task force. The report (.pdf), dated January 2013, says among the mandates the DoD chief information officer and the Defense Information Systems Agency could establish include aspects of trusted computing such as hypervisor attestation to assure that it hasn’t been corrupted, cryptographic sealing and "strong virtual machine isolation."

Data at rest should be stored in encrypted form with keys protected using a hardware attestation "such as a trusted platform module" and data in transit should likewise be encrypted with hardware-attested keys, the report says…

The task force also recommends that the DoD CIO and DISA establish standard service level agreements for both private- and public- cloud computing, and that the DoD CIO establish a central repository to document the cloud computing transition. The repository should contain enough data to improve understanding of systems costs before, during and after a switch to cloud computing as well as best practices and metrics…

CategoryNews

Bridging The Gap Between User Experience & The Cloud

Oppenheimer’s Sixth Annual Cloud Computing/Services One-on-One Conference Draws Institutional Investors