Federal Agencies Strive to Make the Cloud Secure

Grazed from FedTechMagazine. Author: Steve Zurier.

Cloud computing has become such a way of life at NASA over the past five or six years that the Jet Propulsion Laboratory IT team thinks of most cloud-based services as just another node on the network, say Tom Soderstrom and Jonathan Chiang, chief technology and innovation officer and IT chief engineer, respectively. In fact, Soderstrom says that whether it’s Amazon Web Services or Windows Azure, “we think that using the cloud applications can be even more secure than what we do internally.”

“Every service we sign on with has to be vetted by FedRAMP [the Federal Risk and Authorization Management Program], so we know if they are on the list that they comply with the NIST 800-53 security specifications for federal installations,” Soderstrom explains. “And these vendors spend a lot of money on IT security; they are constantly patching.”…

A Pragmatic Approach to the Cloud

Matthew Derenski, cybersecurity engineer for JPL in California, says best practices have been put in place to ensure that cloud-based services are secure. For example, when a JPL scientist needs to provision a virtual server and storage, a systems administrator starts the process by logging on to the cloud service and authenticating using two-factor authentication. Once the resources are provisioned, the user logs on using a password to access the system…

Read more from the source @ http://www.fedtechmagazine.com/article/2014/04/federal-agencies-strive-make-cloud-secure

Subscribe to the CloudCow bi-monthly newsletter @ http://eepurl.com/smZeb