70 likes | 171 Views
Cloud Computing Security and Compliance Challenges Panel on Information Security Compliance Requirements in Cloud Environments. Dan Mintz CTO, Civil & Health Services Group CSC June 2009. The Playing field. Budget Office Organizational Realities NIST OMB – Before & After
E N D
Cloud Computing Security and Compliance ChallengesPanel on Information Security Compliance Requirements in Cloud Environments Dan Mintz CTO, Civil & Health Services Group CSC June 2009
The Playing field • Budget Office • Organizational Realities • NIST • OMB – Before & After • Inspectors General • Press, Congress
Issues to ponder • Which applications to consider first for cloud implementations • Review with the Departmental/Agency IG • Encourage OMB to get IGs and GAO in sync • Focus on data, which is what we should have been doing anyway • Private or hybrid clouds may be unavoidable for many Government applications because of security and privacy regulatory requirements • Work on SLA’s associated with your <potential> providers • Performance • Location of data • Metrics for events • Coop/recovery
Remember that to calculate the return on investment you need to know your investment Also don’t assume your security costs will go down though your application and operational costs might RETURN ON INVESTMENT(ROI)
THOUGHTS ON INFRASTRUCTURE • Centralization of infrastructure can simplify security oversight, as well as operations management • Security oversight requirements can be useful as a lever to centralize into a private (or public) cloud
CSC THOUGHTS • You can only learn by doing • Take small bites • CSC offers Trusted Cloud Services in Partnership with Terremark • www.csc.com/itis • Benefits • Lower future capital investments • Range of support from self-management through highly managed hosting • Tier 4 facility, TS/SCI capable, DOJ Level IV compliant • Conveniently located in Culpeper, VA, outside 50-mile DC blast zone • Terremark already hosts a variety of Federal customers including GSA • CSC has extensive experience with FISMA, C&A requirements • Free 30-day trials to allow customers to kick the tires
Dan MintzCTO, Civil and Health Services Groupdmintz@csc.com703-641-2303/o301-332/0717/ctwitter: technogeezer