by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 2014
Attitudes about cloud security continue to evolve THE CLOUD, IN ITS MANY FORMS, has been and still is a perplexing proposition for government. With its promise of enabling organizations to offload much of their IT infra- structure concerns to a managed, shared and less costly environment, it’s naturally attracted a lot of interest. But se- curity concerns continue to dog its uptake in government. That dynamic was visible yet again when David Ben- nett, chief information officer at the Defense Information Systems Agency (DISA), recently told an industry meet- ing in Washington, D.C., that moving some things to the cloud was very viable for agencies, but that the “crown jewels” of agency data need to stay within the defensive security perimeter. Yet, according to the Cloud Security Alliance (CSA), cloud-related security concerns now tend to run more along the lines of general worries about security that af- fect all aspects of IT — data breaches, data loss, denial of service, malicious insiders — than about insecurity of the cloud itself. In a report on the threats against the cloud that people most worried about in 2013, CSA found abuse of cloud services had dropped from first in 2010 to seventh. “This threat is more of an issue for cloud service provid- ers than cloud consumers,” the report states, “but it does raise a number of serious implications for those providers. How will you detect people abusing your service? How will you define abuse? How will you prevent them from doing it again?” Government solutions provider CDWG believes the per- sistent claim that the cloud compromises security should be laid to rest, since cloud providers now are required to use advanced best-in-class server technology and have to use internationally recognized security standards. However, Shane Zide, a cloud client executive at CDW, said cloud users must make sure providers prove they have the necessary security for all the various flavors of cloud services they provide, including addressing their potential points of failure, which could belong to the user. “All cloud vendors are not created equal,” Zide said, “neither is their security design and protection from inter- nal and outside threats.” Vendors must also answer general questions such as specifics about how they will protect agency applications in the cloud, what kind of authentication is provided, the level of encryption used for data at rest and how agency DLP policies square with what they offer. Government organizations have gotten some help with these issues with the development of the Federal Risk and Authorization Management Program (FedRAMP), a joint government/industry effort that certifies that cloud providers meet various government security require- ments. All cloud providers that federal agencies use must now be FedRAMP-certified, though agencies are still responsible for ensuring that the security for resources moved to the cloud meets government requirements. In 2013, NIST also published a draft of its “Cloud Computing Security Reference Architecture” (SP 500- 299), which sets out a risk-based framework for moving applications and services to the cloud. The aim, said Michaela Iorga, chairman of NIST’s Cloud Computing Security Working Group, is to “demystify the process of selecting cloud-based services that best ad- dress an agency’s requirements in the most secure and efficient manner.” • GET THE FULL REPORT ONLINE AT: FCW.com/CDWGCybersecurity Get More Online... Mobile Strategies Report Articles: DLP remains high on the list of cybersecurity priorities Mobility requires diligence about malware As cyber threats evolve, do firewalls still have a role? APTs: Changing the security mind-set SPONSORED REPORT: SNAPSHOT CYBERSECURITY
September 30, 2014
November and December 2014