FedRAMP’s role in making cloud services safer also helps agencies offset a number of the complexity in their IT operations, says NIST’s Ron Ross. If you spend any time hearing what government IT executives are talking about in Washington nowadays — besides the NSA’s data-collection practices and what everyone will need to have learned from HealthCare.gov — it’s hard to disregard at the least some discussion about secure cloud computing and a federal program called FedRAMP.
Talk to IT executives outside of Washington, however, and it’s evident that discussions about FedRAMP and its impact on cloud service providers are reaching far beyond the Beltway and rippling in the course of the boardrooms of IT services providers. As Amazon Web Services VP Teresa Carlson said in a contemporary interview: “Cloud companies can not perform any [government] procurement or award without having the ability to achieve the FedRAMP standards.”
For those new to the discussion, FedRAMP is a program cooked up by a gaggle of... Read More »
Category: Software
9 Worst Cloud Security Threats
Leading cloud security group lists the “Notorious Nine” top threats to cloud computing in 2013; most are already known but defy 100% solution. Shadow this can be a good thing until it runs into the protection of cloud computing. All too often line-of-business users are establishing applications and moving data into the cloud without understanding the entire security implications. The Cloud Security Alliance has prepare an inventory of the nine most prevalent and serious security threats in cloud computing. A lot of them relate in a single way or another to the weaknesses implicit in Shadow IT. The alliance bills its list because the “Notorious Nine: Cloud Computing Threats in 2013.” The CSA itself was formed in 2008 at the heels of the tips Systems Security Association CISO Forum in Las Vegas. Jim Reavis, a well-known security researcher and author, issued a choice for action to secure the cloud on the event, resulting in the founding of the organization. The report was released in February... Read More »
Google Yanks Buried Android Privacy Feature
Google removes an undocumented App Ops control panel from its latest release, Android 4.4.2, that had let users choose which app permissions to enable. Google Barge: 10 Informative Images (click image for larger view) Google, in its Android 4.4.2 release every week ago, removed an undocumented, experimental privacy control panel that were released inadvertently in July as part Android 4.3. The control panel, called App Ops, allowed Android users to disclaim the provision of selected permissions in an app. Though it was not accessible to users without some technical knowledge, it was immediately noticed and made available through Android apps that provided shortcuts to the hidden interface. App Ops turns Android’s permission model on its head. As opposed to allowing the developer to offer an inventory of requested (and customarily necessary) permissions to the user for all-or-nothing approval, the control panel allowed users to disable certain permissions while leaving others in place. In a blog post Wednesday, Peter Eckersley, technical projects director on the Electronic... Read More »
Microsoft Partners To increase Azure Reach
Like VMware, Microsoft looks to a hard and fast of partners to construct out Azure-compatible cloud services and offer them on a regional basis. VMware Vs. Microsoft: 8 Cloud Battle Lines (click image for larger view and for slideshow) Microsoft has began to build a global chain of Azure datacenters, with two in Europe, five in Asia, and 3 within the US. Now it’s partnering with 25 third parties to assist fill in one of the most gaps. Microsoft is equipping these third parties its Cloud OS Network with the newest Microsoft Virtual Machine Manager, Operations Manager, and Azure Pack, which might be Azure cloud functions running on Windows Server. The partners are launching their very own Azure-like cloud services. In many cases, Microsoft is partnering with a regional merchant, allowing a eu company to maintain its citizens’ data inside its own boundaries. One example is TeleComputing in Oslo, Norway, which has two datacenters in that country and two more in Sweden. In other cases,... Read More »
Why Most Companies Renovate Rather than Innovate
Low-risk, incremental improvements aren’t innovation, but that’s where most companies focus, Accenture finds. Innovation is thrilling when it actually happens in a business, but all too often it is the emptiest of buzzwords. Last fall, our annual InformationWeek 500 rankings highlighted IT innovators just like the Gap, UPS, Dish, and residential Depot which have turned great ideas into action using cloud services, data analytics, collaboration tools, and/or mobile apps. It’s no small feat. But these are the exceptions. What’s much more likely is an uninspiring parade of low-risk, incremental improvements. That is the rather dreary conclusion of an Accenture study of greater than 500 executives from companies with greater than $100 million of annual revenue. [An inflexible IT strategy could break what you are promoting. Read: IT’s Famous Last Words: If It Ain’t Broke, Don’t Fix It.] If an organization invests in a disruptive product or business model and the returns are disappointing, the pursuit of “a higher big thing” dries up fast, and so... Read More »