FCW : July 30, 2015
Commentary | PETE NICOLETTI

Finding security in the cloud

A few key considerations can make it easier to choose a cloud provider in a complex regulatory landscape

Despite all the traction cloud computing has gained in recent years, IDC is predicting even bigger things for the future. The federal government is projected to spend $7.7 billion on private cloud solutions by 2017, a nearly $6 billion increase from the projected $1.7 billion spent in 2014.

As federal agencies show increasing interest in the cloud, IT executives must understand how to navigate compliance programs, particularly the Federal Risk and Authorization Management Program (FedRAMP) and particularly when it comes to managing security, costs and processes efficiently.

Furthermore, given the myriad regulations in place for securing data and personally identifiable information — including the Federal Information Processing Standards and directives from the National Institute of Standards and Technology — agencies must be aware of the regulations they are subject to, the protections that their cloud providers offer and the differences between what they do in their managed environment versus the customer environment.

It is also important to understand which aspects of an organization’s cloud strategy require complying with those regulations and which do not. For example, the IRS’ public-facing informational website does not require the same level of security as a portal that collects personally identifiable information. If the same levels of security are unnecessarily applied to an agency’s entire cloud model, it can result in increased costs and resource burdens.

CIOs, chief information security officers, chief technology officers, chief financial officers and other decision-makers navigating complex infrastructure-, software- and platform-as-a-service cloud offerings have much to consider when choosing a FedRAMP-compliant provider. Decision criteria must include optimizing the management of security and other costs while maximizing efficiency.

Another critical area for consideration is encryption, which is not currently mandated. Encryption is the key to any data protection program, but FedRAMP and NIST have not kept up with the bad guys and real-world threats in this regard. Old-school approaches to protecting data during all phases of its life cycle need rethinking.

With the latest advances in database and file server encryption, there is no reason for an agency not to deploy encryption. It can even be put in place before moving to the cloud. If encryption were deployed correctly and pervasively, we would see fewer news reports of hacked companies, China grabbing agencies’ personally identifiable information and Edward Snowden divulging state secrets.

Another important consideration is visibility into operations. IT leaders need insight into the entire data-hosting network system to ensure that compliance standards are met and that the provider is operating transparently.

Areas outside the continental U.S. — including Hawaii — are risky places to base hosting services and cannot be considered for U.S. agency workloads. Geolocation and geofencing ensure that operational changes do not move computing resources or associated data into a noncompliant environment at another data center, which could unknowingly be located in another city or even country.

A perfect storm of digital opportunities, online threats, demands for accelerated system deployments and IT’s mandate to save money is creating a sense of urgency across the government. Selecting the right cloud provider is difficult enough; with the added challenge of navigating the compliance and regulation landscape, decision-makers must keep these tips in mind in order to keep their agencies operating in a secure, compliant, budget-conscious and efficient manner.

PETE NICOLETTI is chief information security officer at Virtustream.