Weekly Industry Round-up, Week of 6/14
Posted by hyperguard on June 18, 2010
Can Federal Data Privacy Live on in the Cloud?
For government, privacy and data security are a priority, and now many government IT agencies are planning to move their computing operations to the cloud. According to this article by Kenneth Corbin, the transition to the cloud is already well underway in federal IT circles and with it. John Kropf, the deputy chief privacy officer at the Department of Homeland Security, is developing policies and safeguards to keep sensitive data secure as the traditional silos of federal IT infrastructure are torn down. However, classified national security information is not on the table when government officials talk about the cloud. And many agencies have a mixture of sensitive information that may find a home on a secured private cloud, as well as troves of data that can—and should, according to the White House—be made publicly available on the Web.
Jeremiah Grossman recently asked his Twitter followers why some people feel oddly compelled to rely upon the shortcomings of Web Application Firewalls (WAFs) as a means to advocate for a Secure Development Lifecycle (SDL). He believes this is odd because the long-term, risk-reducing value provided by secure code is enough on its own to warrant the investment, and says if you can’t demonstrate that, blame directed at WAFs seems misplaced. Most importantly, we must remember that our objective is to protect websites from being hacked. He suggests organizations should focus on the many cost-saving, risk-reducing, top-line-benefiting qualities that come with implementing a well-regulated software security program. He also says that at the end of the day, our common enemy is really the lack of application security visibility and the allocation of necessary resources. If we come together and help address this as an industry, we’ll all be better off, and the pressure of this either or choice will be lessened.
Cloud Security: The Basics
With cloud computing being one of the most-discussed topics among IT professionals today, this article by Mary Brandel lays out the essential concepts of cloud security. It looks at cloud models including software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS). Mary also provides examples of how four companies chose to handle some of the biggest concerns that users have, such as single sign-on, data encryption, virtualization and business continuity.