Federal CIO asks NIST to aid government’s transition toward cloud computing

10 June 2010

Federal chief information officer Vivek Kundra called upon NIST to help the federal government move toward increased adoption of cloud computing and has appointed the agency to develop standards and guidelines that promote secure implementation of cloud technologies.

While addressing an audience at a recent NIST-sponsored cloud computing forum, Kundra outlined the federal government’s data center consolidation efforts to reduce overlap and subsequently called for developing a uniform set of standards to promote security in the transition toward cloud computing.

“This is a huge opportunity for CIOs across the federal government to rethink how they are investing in information technology”, Kundra said. He then asked the audience to consider the appropriate applications that are candidates for moving to the cloud “without violating the privacy of the American people or compromising national security in any way”.

Kundra also discussed the Federal Risk and Authorization Management Program (FedRAMP), and how it can facilitate the cost-effective benefits of cloud computing by creating a uniform set of security standards to certify cloud computing offerings. Under the current process, cloud vendors are forced to certify products with every agency, sometimes hundreds of them. Kundra called this a highly inefficient certification model and suggested that agencies leverage the processes of other government departments to avoid waste and overlap.

“A number of these agencies can potentially leverage common platforms across the board”, he told the audience, including allowing state governments to take advantage of already-certified federal systems, which allows for cost savings at more than one level of government.

“We can create cross-government [certification] platforms so that we actually realize, not just the savings, but the value much faster, and we also accelerate the adoption towards cloud computing”, Kundra added.

For its part, NIST said it will begin to work with other government agencies and standards organizations in developing a framework to integrate current standards and identify gaps that may exist.

The institute noted that it will serve as a technical advisor to FedRAMP, “which will allow agencies to collaboratively develop baseline FISMA security criteria and authorization to operate deliverables upfront for use of cloud computing vendor products and services”. The aim here is to avoid redundancy, and save money for cash-strapped government IT departments across the nation. “Once a baseline is approved, each agency could augment the baseline according to its individual data and mission system security authorization needs”, NIST added.

 
