Staying Safer in Cyberspace: Cloud Security on the Horizon
Since announcing its "Cloud First" policy in 2010, the Federal government has correctly identified cloud computing as a way to reduce costs and improve the use of existing assets, and has accordingly prioritized its adoption. It has also taken judicious steps to protect Federal networks from nefarious cyber-attacks and promote the dissemination of best practices for cybersecurity. The Federal government has also embraced mobility as a means to conduct work from any location. But until now, the implementation of these initiatives has been fragmented and lacked coordination across Federal agencies. This paper offers a framework for integrating these programs in a way that enables the Federal government to realize the economic, technological, and mission-effectiveness benefits of cloud services while simultaneously meeting current Federal cybersecurity requirements. It advocates shifting from a compliance-based cybersecurity paradigm to on e that is risk-based and focusing on how to most effectively secure their implementation of cloud services.
At a time when the Federal government is facing ever-mounting budgetary pressures, cloud computing can be a useful tool to help agency leaders to deliver mission services while managing expenditures. And in a recent poll, nearly half of all senior national security officials also named cyberwarfare as "the most serious threat facing the United States." The "Staying Safer in Cyberspace" plan we present in this paper differs from the current fragmented approach to securing the cloud by identifying an integrated approach and a coordinating body to develop a network architecture that conforms to the Administration's cybersecurity policies. What's more, it describes the contours of what this network architecture should look like -- from performance metrics down to identity management practices at the end user level. These recommendations delineate essential functions for both the private sector and the Federal government, while allowing for discussion about certain details. Similarly, our plan also allows room for the unique security requirements of departments and agencies to be considered, all within the framework of existing legislation.
|sitemap||Copyright 1971-2012 01 COMMUNICATIONS INC. ALL RIGHTS RESERVED. - Powered by DNAOS||contact|