by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : March 15, 2016
DrillDown conducts such assessments.) Taken together, the foregoing developments should instill confi- dence in agency leaders on several fronts. Once agencies know that CDM-related systems can operate securely in the cloud, they’ll have proof that cloud-based security is not only achievable and reliable, but also desirable. They won’t have to fix everything themselves. They can transfer that responsibility to CSPs that possess the expertise, central- ized operations and agility required for today’s security challenges, with the scale to perform efficiently and economically. And agencies can rest assured knowing the CSP’s credibility has been established through FedRAMP’s rigorous testing and accreditation. They can also monitor the CSP’s performance, and indeed, CSPs are already providing effective cloud- based continuous monitoring in the commercial market. The switchover This isn’t to say that agencies should migrate all their sensitive data to the cloud, at least not right away. The FedRAMP program office is still working with industry and agencies to ensure that the high baseline is fea- sible for vendors to implement and achieves the intended level of secu- rity. But once the agencies experience and trust CDM in the cloud for their security, then placing other sensitive applications and data in the cloud will be a more palatable and logical next step. And it will lead to fulfilling the Office of Management and Budget’s “cloud first” mandate and realizing the many benefits offered by the cloud, such as lower IT costs, less legacy infrastructure and the need for fewer specialized personnel. It will be interesting to watch how this initial pilot for cloud-based CDM for smaller agencies unfolds. It might not be long before larger agencies that are currently performing on-premises continuous monitoring move to that model as well. What agencies can do now is look for ways to integrate their continu- ous monitoring and cloud migration efforts. With some foresight and planning, they can take advantage of the synergies between FedRAMP and CDM and align both to simulta- neously improve their security and cloud adoption postures. n Patrick D. Howard is former chief information security officer at the Nuclear Regulatory Commission and the Department of Housing and Urban Development. He is currently program manager for CDM and CMaaS at Kratos SecureInfo. A good case can be made that today’s cloud service providers are able to do an equal or better job of securing government data than many agencies can do for themselves. 32 March 15, 2016 FCW.COM 03156fcw_030-032.indd 32 2/18/16 3:15 PM
March 30, 2016