26 Jun 13. The military cloud: Balancing security and accessibility. The Defense Department’s long-term IT strategy calls for storing and
distributing virtually all data, even its most sensitive information, in the cloud. In January, the agency reported that it is fully committed to shifting to a cloud computing environment, citing cost, efficiency and user accessibility benefits. The CIA is already on the path to secure cloud services. After attempting to build a private cloud, the agency and other intelligence organizations opted to turn to commercial sources and awarded a contract to Amazon Web Services in late January. IBM protested the award to the Government Accountability Office, and GAO ruled in IBM’s favor. Negotiations to determine the final resolution are still under way, but observers expect the CIA to continue its migration to a
cloud-based system. Although cloud services are highly attractive to a DOD that’s facing both a tighter budget and soaring IT demands, some worry that the technology isn’t mature enough to ensure the safety of sensitive data shared between and within military organizations. Mark Cohn, chief technology officer at Unisys Federal Systems, based in Reston, Va., noted that it’s possible to argue that “cloud technology stacks are less mature in the sense that we don’t have as long a
history of defending them against the most sophisticated attackers at the level of national security systems, so [they] are therefore simply less proven.”
Robert Carey, DOD’s principal deputy CIO, acknowledged cloud risks in a recent DOD report, noting that “the metrics of cloud security are, at best, nebulous.” Carey added that the agency would need time to create secure cloud spaces. “We have lots of [pilot programs] going on…to make sure we understand…the pros, cons and risks of moving into the cloud space.” Although DOD has obvious reasons for approaching the cloud with caution, most experts believe it should be able to transition to a secure cloud environment without encountering any major problems. (Source: Defense Systems)
27 Jun 13. The Chinese government feels that it’s in the clear when it comes to stealing data from US companies using cyber tools, an issue leaders of the two countries will address next month as part of dialogues on cybersecurity, Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said Thursday. Delivering remarks and taking questions at an event hosted by the Brookings Institution, Dempsey described the growth in data theft and the disagreement over its significance between senior US and Chinese officials. “China’s particular niche in cyber has been theft of intellectual property and I’ve had some conversations about that with them, and the conversations generally, we tend to agree to disagree,” Dempsey said. “Their view is that there are no rules of the road in cyber, there are no laws that they’re breaking. There are no standards of behavior, and so we have asked them to meet with us in order to establish some rules of the road so that we don’t have these friction points in our relationship.” The next round in the ongoing cyber dialogue, a dialogue that was initiated after US officials began to be more vocal about the threats emanating from China, is scheduled for next month. (Source: Defense News)
21 Jun 13. Coverage of the PRISM surveillance program highlights only the most recent example of personal data ending up in the hands of unintended parties. While most attention has been placed on consumer public cloud services such as Gmail and Facebook, many corporate CISOs and CIOs are now re-evaluating the risks of third party access and surveillance to corporate cloud services. Regardless of whether these third parties are governments, cyber-activists, or cyber-criminals, the message is becoming clear – when enterprises put their information into shared cloud services, such as SaaS applications, they need to carefully think through the implications of giving awa