October/November 2015 Digital Edition

More documents

Recommendations

Info

Cloud security trending as preferred approach for states and other government agencies By Jayne Freidland Holland NIC Inc Cloud computing appears to be trending as a preferred approach to enterprise IT, even for government. State agencies increasingly are moving to the cloud – or at least considering it as a viable option. It has been reported that some states, including Kentucky, Ohio, Utah and Alabama, have embraced cloud computing as a way to reduce IT costs and deliver services and applications to the marketplace more quickly. Other states, however, remain skeptical about whether perceived security risks outweigh the cost and customer service advantages. The Cloud’s Benefits and Risks As cloud computing has gained credibility, government agencies have recognized benefits of moving to the cloud, as well as drawbacks. Moving data to the cloud can lower costs because you are paying only for the capacity and services used. This reduces the need for onsite personnel and support and eliminates the maintenance of hardware, software and IT infrastructure associated with relocating data. In addition, cloud resources can be added relatively inexpensively in real time, and data can be shared on demand anywhere, anytime via the Internet. On the other hand, the cloud may offer less control over infrastructure management and data. It also can increase the susceptibility to a single point of failure. And, it can create risks related to multi-tenancy. For example, if data is not properly segregated, an attack on one company’s data may affect others on the same server. When weighing the benefits and risks of moving to the cloud, one of the first steps is to carefully analyze the proposed cloud services agreement. Service-level agreements vary widely, differ by provider and often are non-negotiable. A thorough review of the agreement will be necessary to make sure your agency’s needs and concerns are covered. Here are some of the key things to consider when reviewing a cloud 12 services agreement: • Where will the data reside and who can access it? It is important to understand where your data will be located and who has access to it. Some providers store data outside the United States, which, as an agency, you may be prohibited from doing by statute. In addition, cloud providers may allow their subcontractors to access a customer’s data. Make sure to ask the prospective cloud provider who is permitted to access your data, what kinds of background checks the service provider has completed on any personnel who may access data, and how access to the data is monitored, as well as what types of logs are maintained. • Requisite standards. It is important to understand whether the cloud service provider can meet or satisfy relevant data protection legislation or industry standards that may be applicable for your agency, such as the Payment Card Industry’s Data Security Standards or the Health Insurance Portability & Accountability Act criteria. An agency should request evidence that the
cloud provider has the appropriate security measures in place to satisfy those requirements. • Liability and damages. also, be on the lookout for broad exclusions of liability in cloud provider agreements. Understand who assumes liability if data loss occurs and whether that liability extends to costs the agency may incur in the event of an outage. • Indemnification. in the contract negotiating process, consider seeking indemnification for iP infringement, applicable law, data protection legislation, regulatory breaches and losses suffered as a result of data being removed. While it may be unlikely to secure this level of protection, it is recommended that you request it. • Warranties. cloud provider agreements should include performance warranties for service, reliability and accuracy. it’s easy to assume that these warranties are implied, but if they are not included in the agreement, it may mean the provider doesn’t intend to honor them. request that the contract specify the relevant warranties. • Updates and patches. typically, the cloud provider is contractually responsible for regularly updating More on page 26 13
Page 1 and 2: Government Security News October/No
Page 3 and 4: NEWS AND FEATURES Ireland rolls out
Page 5 and 6: unique design and mobile applicatio
Page 7 and 8: NATO Special Operations Forces and
Page 9 and 10: Key takeaways from the research rep
Page 11: FAA Administrator Michael Huerta Fo
Page 15 and 16: tion under the convention against t
Page 17: Oslo Airport selects Qognify, forme
Page 21 and 22: NTSB confirms wreckage discovered t
Page 23 and 24: ing of additional financial support
Page 25 and 26: to the accidental leaking of sensit
Page 27 and 28: Intelligent Video Surveillance NSF-
Page 29 and 30: as distortion. Humans perceive visu
Page 31 and 32: faster and more accurate retrieval
Page 33 and 34: and homeland security applications
Page 35 and 36: Coming Attractions: “We are const
Page 37 and 38: time sensitive situations. Back in
Page 39 and 40: incidents are analyzed to avoid fal
Page 41 and 42: The News Leader in Physical, IT and

October/November 2015 Digital Edition

Create successful ePaper yourself

Delete template?

Save as template?