Virtualization, Cloud Complicate Insider Threats for Federal CIOs
September 25, 2014
Grazed from CIO. Author: Kenneth Corbin.
Within the federal government, the shift toward virtualization and cloud computing is already well underway, but agency and industry officials warn that those migrations invite new security considerations, particularly in the form of insider threats. Eric Chiu, president of the cloud and virtualization security firm HyTrust, notes the familiar list of arguments in favor of virtualizing servers and systems – lower costs and increased agility and efficiency chief among them – but points out that there are dangers associated with that transition.
"Virtualization also concentrates risk … You’re taking what used to be lots of separate physical systems that had their own configurations, their own separate management consoles, their own separate group of experts that managed them, and you’re collapsing all that functionality onto a single software layer," Chiu said during a panel discussion hosted by Federal News Radio. "Any virtualization admin can access any VM, could copy any VM, could delete or destroy any VM," he adds. "If you look at today’s threat, it’s really coming from the inside."…
Federal IT Leaders Must Be Vigilant as Network Perimeter Widens
Officials stress that vendors have an important role to play in facilitating the shift to the cloud and virtualized servers and systems within the government, particularly as agencies mull the implementation of service models at the software and platform levels. For agencies, that puts a premium on working with service providers in the vendor community to hammer out security protocols through the contracting process. At the same time, government organizations have been deploying the continuous diagnostics and mitigation (CDM) program that the Department of Homeland Security has been developing to provide for real-time network monitoring and threat detection…
Read more from the source @ http://www.cio.com/article/2687816/government-use-of-it/virtualization-cloud-complicate-insider-threats-for-federal-cios.html