Cloud Computing Security and Compliance Challenges
Panel on Information Security Compliance Requirements in Cloud Environments
Dan Mintz
CTO, Civil & Health Services Group, CSC
June 2009
The Playing Field
• Budget Office
• Organizational Realities
• NIST
• OMB – Before & After
• Inspectors General
• Press, Congress
Issues to ponder
• Which applications to consider first for cloud implementations
• Review with the Departmental/Agency IG
• Encourage OMB to get IGs and GAO in sync
• Focus on data, which is what we should have been doing anyway
• Private or hybrid clouds may be unavoidable for many Government applications because of security and privacy regulatory requirements
• Work on SLAs associated with your <potential> providers
  • Performance
  • Location of data
  • Metrics for events
  • Coop/recovery
RETURN ON INVESTMENT (ROI)
• Remember that to calculate the return on investment you need to know your investment
• Also don’t assume your security costs will go down, though your application and operational costs might
THOUGHTS ON INFRASTRUCTURE
• Centralization of infrastructure can simplify security oversight, as well as operations management
• Security oversight requirements can be useful as a lever to centralize into a private (or public) cloud
CSC THOUGHTS
• You can only learn by doing
• Take small bites
• CSC offers Trusted Cloud Services in Partnership with Terremark
  • www.csc.com/itis
• Benefits
  • Lower future capital investments
  • Range of support from self-management through highly managed hosting
  • Tier 4 facility, TS/SCI capable, DOJ Level IV compliant
  • Conveniently located in Culpeper, VA, outside 50-mile DC blast zone
  • Terremark already hosts a variety of Federal customers including GSA
  • CSC has extensive experience with FISMA, C&A requirements
  • Free 30-day trials to allow customers to kick the tires
Dan Mintz
CTO, Civil and Health Services Group
dmintz@csc.com
703-641-2303/o
301-332/0717/c
twitter: technogeezer