The DOD’s New Cloud Security Requirements: What Hosts Should Know

Grazed from Datamation. Author: Editorial Staff.

Towards the middle of January, the Defense Information Systems Agency – a subdivision of the United States Department of Defense – released a new cloud computing security requirements guide, which we first heard talk of back in November. The primary purpose of this SRG is to make the process of acquiring commercial cloud services more efficient for DoD agencies (without undermining security, of course). Not surprisingly, this means that the SRG effectively renders obsolete the DoD’s original Cloud Security Model, under which only a few select vendors received authorization.

“In plain language, the new guide explains that components “remain responsible for determining what data and missions are hosted” by cloud service providers,” writes Frank Konkel of Nextgov. “Each use of cloud services will also require an enterprise IT business case analysis, with each analysis required to consider DISA-provided cloud services such as DISA’s milCloud offering.”…

It’s a significant step forward for the organization, and one that cloud providers should pay close attention to. If you’ve the time, I’d recommend reading over the document (you can find it here). In the meantime, I’m going to offer up a few of the key takeaways hosts should draw from all of this…

Read more from the source @ http://www.datamation.com/cloud-computing/the-dods-new-cloud-security-requirements-what-hosts-should-know.html