ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services
- Samuel Lynch
- 8 years ago
This paper is intended to help federal agency executives better address federal security and privacy requirements when choosing cloud computing services. We explain how using a cloud provider that is certified through the Federal Risk and Authorization Management Program (FedRAMP) and the General Services Administration's Blanket Purchase Agreement (BPA) for Infrastructure as a Service (IaaS) offers agencies real potential for improving efficiency and risk management in establishing their IT infrastructure in the cloud. We also delineate the FedRAMP lines of responsibility between agencies and cloud providers, and provide guidance for evaluating cloud providers to maximize benefits and minimize delivery risk.

A critical issue, but not a barrier

Cloud computing offers federal agencies a powerful means to reduce costs, deliver more timely services, and significantly reduce burdens on internal IT resources. While the promised value is compelling, agency managers cite security and data privacy concerns as primary reasons for not migrating specific systems to the cloud. They are concerned about the loss of control from the multi-tenant nature of cloud computing, which requires rigorous controls and continuous monitoring to prevent potential data leakage and unauthorized access. They also require visibility into potential security incidents and must be able to respond to security audit findings and obtain support for investigations.

It is not sufficient to consider only the potential value of moving to cloud services. Agencies should make risk-based decisions which carefully consider the readiness of commercial or government providers to fulfill their Federal needs.
Vivek Kundra, U.S. Chief Information Officer, Federal Cloud Computing Strategy, February 8, 2011

As a result, security and data privacy were top priorities that the General Services Administration's (GSA's) Federal Cloud Computing Initiative sought to address to facilitate cloud adoption. GSA has collaborated with the Federal Chief Information Officer (CIO), the National Institute of Science and Technology (NIST), the CIO Council, and Senior Agency Information Security Officers to build a common cloud security Assessment and Authorization (A&A) framework called the Federal Risk Authorization Management Program (FedRAMP). GSA has also required cloud providers on its Blanket Purchase Agreement (BPA) for Infrastructure as a Service (IaaS) to receive A&A to support systems requiring Low or Moderate Risk Impact environments. In addition, these vendors must pass stringent National Agency Checks with Investigations according to HSPD-12 criteria. Prior to these initiatives, early movers to the cloud had to take on undue risk to meet desired timeframes.

Keys to minimizing risk and maximizing value

The Federal Cloud Computing Strategy released February 8, 2011, recommends that agencies carefully consider their cloud security needs across a number of dimensions, including statutory compliance, data characteristics, privacy and confidentiality, integrity, data controls and access policies, and governance. In addition, NIST's recent draft publication Guidelines on Security and Privacy in Public Cloud Computing (SP ) identifies nine security and privacy considerations for planning, reviewing, negotiating or initiating a public cloud service outsourcing arrangement.

Agencies can fast track their realization of cloud savings and other benefits while simultaneously addressing the security and privacy challenges highlighted by NIST, by leveraging GSA's IaaS BPA. By choosing cloud providers on the GSA BPA for IaaS, agencies can confidently achieve:

- Physical separation of software in federal clouds from commercial clouds
- Tenant and vendor administrators vetted by the federal government
- Data ownership and protection approaches clearly stating that agencies own their data and spelling out mutually agreed processes the agency and cloud provider will follow for Freedom of Information Act or other data requests
- Clear scope of security models and environments that are pre-tested by the government to meet FISMA Moderate Risk Impact requirements and provide continuous monitoring. Agencies with higher security requirements can work with certified cloud providers to design and deploy systems that meet more stringent specifications.
- Transparency into what security features are included in a cloud bid, and what additional services are available or desired by the agency to meet its specific needs
- Ability to solve many security challenges more efficiently than internal solutions by leveraging the significant investments made by providers to deliver superior controls and enterprise-class production environments that are pre-tested and certified by the government
- Faster authorization of systems moving to the cloud by re-using existing security authorizations established via FedRAMP, and separately certifying only additional agency- and application-specific requirements
- Savings in time and money by using existing security authorizations, eliminating the need to visit data centers and pursue and justify separate infrastructure accreditations (typically 40% of the A&A level of effort)
- More time and resources to focus on application security.

Ensuring data and systems security is one of the biggest and most important challenges for federal agencies moving to the cloud. FedRAMP's uniform set of security authorizations can eliminate the need for each agency to conduct duplicative, time-consuming, costly security reviews. 1
David McClure, GSA's Associate Administrator for Citizen Services and Innovative Technologies

1 Guidelines would speed certification of cloud products, services, November 2, 2010, Government Computer News

FedRAMP Highlights

FedRAMP offers a common security A&A framework for cloud infrastructure; defines requirements for controls such as vulnerability scanning and incident monitoring, logging and reporting; and provides continuous monitoring services for certified government and commercial cloud computing systems that are intended for multi-agency use, improving risk management. An agency can leverage an existing authorization by accepting the findings in that FedRAMP package. The authorization remains in effect as long as the related security risks are accepted by the agency and the authorization complies with relevant policies.

Realizing greater security in the cloud

By using the IaaS BPA for cloud solutions, federal agencies can readily comply with the Federal Information Security Management Act's (FISMA's) comprehensive framework for securing their IT for a large majority of agency systems. The basis for determining the level of risk impact is the Federal Information Processing Standard (FIPS) 199. Figure 1 shows that 88% of categorized federal systems are classified as FIPS Low or Moderate Risk Impact. By using cloud environments that have been certified to meet Moderate Risk Impact requirements, agency applications in fact can be more secure in the cloud than they are in many existing infrastructures, especially those based on legacy platforms using legacy controls.

Figure 1: FIPS Risk Impact of Categorized Federal Systems
- High: 12%
- Moderate: 48%
- Low: 40%
Source: Fiscal Year 2009 Report to Congress on the Implementation of The Federal Information Security Management Act of

40% of categorized systems are classified as Low Risk Impact. Examples include public-facing websites with non-sensitive data as well as applications such as inventory systems. Systems with public data that is subject to transparency requirements have been among the first to leverage the cloud. For example, the Recovery Accountability and Transparency Board deployed Recovery.gov in the cloud, and NASA has also leveraged the cloud for public information. When considering the public cloud for such systems, agencies should ensure that cloud providers can provide a security level that prevents data tampering or disruption of service.

48% of categorized systems are classified as Moderate Risk Impact. These include systems supporting operations and those processing sensitive data such as personally identifiable information (PII), Confidential Business Information (CBI), and personal health information. Federal financial systems that process budget and procurement information, purchase card numbers, banking information for payments, or Social Security Numbers would be categorized as Moderate Risk Impact. Often, such financial systems are better suited to Virtual Private Clouds for which agencies can dictate their required levels of security. Virtual Private Clouds give agencies exclusive use of computing infrastructure and allow them to prescribe specific security measures without requiring infrastructure investment.

Inherent security advantages of cloud technology

- Automated security management
- Greater redundancy
- Improved disaster recovery (no matter what happens to a desktop or laptop, data is backed up in the cloud)
- Simplified security auditing and testing
- Shifting public data to an external cloud reduces risk of exposing internal, sensitive data
- Centralizing data allows skilled experts to ensure that all security measures are taken, eliminating risks posed by employees with less technical skill

Agency security responsibilities vs. certified cloud provider responsibilities

When determining additional agency security requirements to deploy as part of their move to the cloud, per the NIST model, it is the agency's responsibility to address the security and risk management of its own major applications. Security controls can be provided by the application owner or can be secured from a qualified vendor (see Figure 2).

Figure 2: Examples of Available Security Controls
Governance, Risk and Compliance Data Risk Management Infrastructure Protection Management
- Compliance reporting services
- Vulnerability management
- Security event and incident management
- System operational risk management
- System security measures and configurations
- Application activity management
- Strong authentication
- Identity management
- Web policy management
- Data loss prevention
- Intrusion protection services
- Endpoint protection
- Log management services
- Firewalls management
- System antivirus software configuration
- Secure messaging services
- Anti-DDoS
- Operating System related security, patching and vulnerability scanning
- Configuration management
- Policies and procedures

For agencies preferring that their cloud provider perform continuous monitoring, backup and restore data, and/or guarantee that data centers are located on U.S. soil, certified providers on GSA's BPA for IaaS will meet these requirements.

Figure 3: Comparison of Agency and Certified Cloud Provider Responsibilities shows the security responsibility boundaries between agencies and certified cloud providers for virtual machines and web hosting services offered on the BPA for IaaS. For virtual machines, agencies are responsible for securing the O/S, hosting software and major application. With web hosting, the cloud provider handles the O/S-related security and some hosting software security. Any responsibility gaps can be identified clearly so that agencies can decide what additional security controls, performance reporting, or other standards of compliance are needed, and whether to address those internally or through their cloud provider.

Figure 3: Comparison of Agency and Certified Cloud Provider Security Responsibilities
(Diagram with two columns, Virtual Machines and Web Hosting. Layers in each column, top to bottom: Major Application, Web Hosting Software, Operating System, Hypervisor, Physical. A boundary separates Agency Responsibility, in the upper layers, from Cloud Service Provider Responsibility, in the lower layers.)

Note: Agencies must provide the Disaster Recovery (DR) testing and planning for their own cloud-based applications. This is unlike a typical managed hosting offering that includes the recovery plans and testing. As a result, agencies may require DR services beyond the cloud offering to complete their needs.

Next steps

CGI offers a disciplined transition process to get you to the cloud with confidence. We are one of the 12 awardees under GSA's BPA for Infrastructure as a Service. One of our expert executive consultants also chairs TechAmerica's public sector task group which is providing industry input into FedRAMP. CGI's cloud offerings compel the development of well-managed cloud initiatives because processes, governance, security and compliance are all embedded in our solutions. In addition, as a full-service cloud and security partner, CGI helps protect operations at the infrastructure and data layers and provides advisory services designed to assess and strengthen security strategies. We offer the full range of security services, including security governance and engineering, cybersecurity and managed security services (e.g. program, configuration, incident and event management and business continuity services). Our certified, accredited and security-cleared experts use proven industry best practices such as ITIL and SANS, continuous monitoring, real-time reporting and immediate action on suspicious activity.

To learn how to find greater security in the cloud for your agency, or to talk to a CGI cloud expert about your specific situation, contact your CGI Federal program manager or visit us at.

ITIL is a registered trade mark of AXELOS Limited. Axelos is a registered trade mark of AXELOS Limited.

Why CGI

- Nearly 35 years of experience in managing infrastructure, security and other business and IT services for complex organizations
- Trusted by more than 180 CIOs to manage their IT infrastructure
- Experience providing infrastructure support for 50+ federal agencies
- Major cybersecurity practice and significant percentage of federal practice professionals with security clearances
- Rigorous service management and governance processes that are proven against the most demanding requirements, with Service Level Agreements that are 98+% exceeded or met
- Ability to deliver entire applications to meet critical needs faster than agency data centers could deliver just the infrastructure, for example:
  - In just six weeks, built and deployed FederalReporting.gov in a virtualized hosting environment to handle Recovery Act funding recipient reporting
  - In just six weeks, built and deployed a cloud-based portal to support a major health reform initiative. The portal, which includes data from more than 3,000 commercial and public sector organizations, enables citizens to conduct real-time comparisons so they can make more informed healthcare decisions.
- Flexible cloud approaches that can include blending with traditional hosting, ability to transfer customer data back in-house, and access to robust common services
- Vulnerability scanning and patch management for web hosting that provides embedded security to close the most common exploits.

About CGI

A global leader in IT, business process and professional services, CGI partners with federal agencies to provide end-to-end solutions for defense, civilian and intelligence missions. For 35 years, we have delivered quality services to help clients achieve results at every stage of the program, product, and business lifecycle. We deliver end-to-end solutions in application and technology management, systems integration and consulting, business process management and services, advanced engineering and technology services, and operational support services. Our proven capabilities in high-demand areas include cloud, cybersecurity, biometrics, citizen services, data exchange, health IT and energy/environment. CGI has 31,000 employees in 125+ offices worldwide.
More informationFISMA Cloud GovDataHosting Service Portfolio
FISMA Cloud Advanced Government Oriented Cloud Hosting Solutions Cyber FISMA Security Cloud Information Security Management Compliance Security Compliant Disaster Recovery Hosting Application Cyber Security
More informationSTATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE
STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND SUBCOMMITTE
More informationVALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud
VALUE PROPOSITION FOR SERVICE PROVIDERS Helping Service Providers accelerate adoption of the cloud Partnership with Service Providers Enabling Your Cloud Services in Complex Environments Today s challenge
More informationIntegrated service management and cloud computing:
IBM Global Technology Services Thought Leadership White Paper September 2010 Integrated service management and cloud computing: More than just technology best friends 2 Integrated service management and
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationCloud and Data Center Security
solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationOptimizing the Data Center for Today s Federal Government
WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S FEDERAL......... GOVERNMENT............................... Optimizing the Data Center for Today s Federal Government Who should read this paper CIOs,
More informationDemystifying Virtualization for Small Businesses Executive Brief
Demystifying Virtualization for Small Businesses White Paper: Demystifying Virtualization for Small Businesses Demystifying Virtualization for Small Businesses Contents Introduction............................................................................................
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationWork With Genesis Insurance Company
IN F O R M AT ION TEC HNOLOGY (IT ) SECURIT Y AT GEN ES I S security peace of mind You re covered. Access Control Application Security Business Continuity and Disaster Recovery Planning Cryptography Information
More informationTHE BUSINESS OF CLOUD
THE BUSINESS OF CLOUD THE BUSINESS OF CLOUD Introduction Chapter 1: Chapter 2: Chapter 3: Chapter 4: Chapter 5: Chapter 6: Choose the Right Model Overcome Procurement Barriers to Cloud Adoption Meet Complex
More informationSupporting FISMA and NIST SP 800-53 with Secure Managed File Transfer
IPSWITCH FILE TRANSFER WHITE PAPER Supporting FISMA and NIST SP 800-53 with Secure Managed File Transfer www.ipswitchft.com Adherence to United States government security standards can be complex to plan
More informationEnsuring security the last barrier to Cloud adoption
Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It
More informationWhat You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility
Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery
More informationThings You Need to Know About Cloud Backup
Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing
More informationIT Services. Capita Private Cloud. Cloud potential unleashed
IT Services Capita Private Cloud Cloud potential unleashed Cloud computing at its best Cloud is fast becoming an integral part of every IT strategy. It reduces cost and complexity, whilst bringing freedom,
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationCLOUD COMPUTING SERVICES CATALOG
CLOUD COMPUTING SERVICES CATALOG... Including information about the FedRAMP SM authorized Unclassified Remote Hosted Desktop (URHD) Software as a Service solution CTC Cloud Computing Services Software
More informationReport of Evaluation OFFICE OF INSPECTOR GENERAL E-09-01. Tammy Rapp Auditor-in-Charge FARM CREDIT ADMINISTRATION
OFFICE OF INSPECTOR GENERAL Report of Evaluation OIG 2009 Evaluation of the Farm Credit Administration s Compliance with the Federal Information Security Management Act E-09-01 November 18, 2009 Tammy
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
More informationHow To Protect A Virtual Desktop From Attack
Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity
More informationHIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS AT STATE MEDICAID AGENCIES Inquiries
More informationStrategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationThe Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative
The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative September 2014 Council of the Inspectors General on Integrity and Efficiency Cloud Computing Initiative Executive
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationSOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?
SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationCloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
More informationTrend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION
SOLUTION BRIEF Trend Micro CLOUD AND DATA CENTER SECURITY Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION As you take advantage of the operational and economic
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationThe multisourcing approach to IT consolidation
Experience the commitment WHITE PAPER The multisourcing approach to IT consolidation The proven commercial practice of multisourcing services integration can help state and local governments achieve IT
More information