Federal CISOs worry that they won't be able to effectively secure cloud computing

The annual survey of federal CISOs (chief information security officers) shows that many cloud computing plans have been postponed because the CISOs are unsure whether they can provide the same security as in the physical environment and prevent data leaks in a cloud computing environment. (ISC)², the certification body that administers the CISSP certification, surveyed 36 agency- and bureau-level CISOs as part of its annual anonymous survey of federal CISOs. In the survey, 72% said they had not yet used cloud computing because of uncertainties such as whether security can be ensured effectively in the cloud, whether current IT security policies can be applied, and whether data leaks can be effectively prevented.

Lynn McNulty, a consultant at (ISC)², has held senior security positions at the National Institute of Standards and Technology, the State Department and the Federal Aviation Administration. "It is clear that the government is trying to compress IT funding and finds that 'cloud computing' is the right way to achieve that," he explains. But as a group, the federal CISOs are reluctant to see this happen. "They support the use of cloud computing for non-sensitive applications or data because it does not involve any sensitive information," he said. "CISOs who use cloud computing services are now applying role-based access control and improving the architecture to help mitigate some of the risks." Early adopters could provide a practical solution for those who are still reluctant to deploy cloud computing, McNulty said.

Michael Markulec, chief executive of Lumeta, a cyber-security company, has been involved in several federal government projects. He says the government has started building independent cloud computing services. The Defense Information Systems Agency (DISA) uses a cloud-based architecture called the Rapid Access Computing Environment (RACE), which provides services to several different organizations. "These infrastructure services are really similar to the old frame relay networks, where multiple users use the same network, so this poses many of the same challenges," Markulec said in a recent interview. "You need to understand the mechanisms you have and make sure your access control lists and firewalls are set up correctly."

The federal CISOs also use social media: 62% say they use social media tools such as peer-to-peer, blogs and forums to support the agency's work. McNulty said: "The top threat concerning the federal CISOs is software vulnerabilities, which accounted for 27%, followed by internal threats (24%), followed by foreign threats (21%)." "The CISOs spent a year studying potential threats and holding an unbiased view of what they are facing," McNulty said. He added that the 2009 survey found that the federal CISOs were more concerned about threats from outside: "Those with authorized intruders and other factors are also considered threats."

McNulty says website vulnerabilities and attacks have long plagued federal security experts. Software security is a constant concern of the federal government. The Department of Homeland Security has implemented Software Assurance programs, emphasizing that software purchasers must pay attention to errors in software coding. The federal CISOs reported on the progress of the Einstein plan, and the survey supports the point that the government's cybersecurity needs to be further improved.

However, the survey also indicates the need to streamline hiring procedures and avoid bureaucracy, which can hamper the hiring of technical security experts. "After the hiring process starts, it may take up to a year to hire a person, but by then technology and progress have changed," McNulty said. "I think that the government must have a sense of competition and shorten the process so as to compete better with private security companies." Only 10% of respondents were satisfied with human resources and procurement operations, and experts said it was a long-standing problem that led to many vacancies.

McNulty says many government agencies are reviewing the responsibilities of contractors to make some of these government departments work differently from federal contractors. The survey found that contractor conversions and new hires from the private sector accounted for 30% of their employment. The rest will come in future from the Scholarship for Service program, so many college graduates will enter federal security departments after graduation. "Turning them into government employees is a logical thing, especially when the actual contractor has become part of the agency and the department," McNulty said. "Because of the current economic downturn, the impact on contractors is particularly pronounced, and retirement benefits, health insurance and other factors make government jobs a good choice."

The Einstein plan involves a cross-agency deployment of an intrusion prevention system; it drew frustration in the 2009 survey because it was too focused on external defenses. However, the 2010 survey showed a turnaround: nearly 75% of respondents said they were more satisfied or satisfied with the plan. A review by the U.S. Government Accountability Office (GAO) found that the implementation of the Einstein plan was slow and that its third phase was being tested in a pilot programme. "I don't think people initially thought the Einstein plan was right for their organization's needs," McNulty said. "This year's satisfaction was largely due to its clear response to the Obama administration's cyber-security initiative."

At the 2010 RSA Conference, White House Cybersecurity Coordinator Howard Schmidt announced that a summary of the Comprehensive National Cybersecurity Initiative (CNCI), the 40 billion-dollar secret cybersecurity plan, would be made available for the public to view. McNulty says increased transparency and inter-agency communication have helped reduce frustration over security.