Author Archives: Sean Gallagher

cloud computing, Cyberdefense and Information Assurance

What an Internet “Kill Switch” Would Mean to the Public Cloud

In the wake of the events in Egypt in early February–and the cut-off of Internet access by the Egyptian government in response to protests coordinated partially by social media–the U.S. Senate took up legislation that would give the President the ability to exert emergency powers over Internet traffic in the event of cyber attack or some other sort of nationwide cyber threat.

While senators deny that any legislation will include a “kill switch” measure–allowing the President to shut down the public Internet in case of an emergency–just the discussion of such a capability has sent waves of concern through the Internet community, and it has raised major concerns about what the impact of legislation could be on public cloud providers.

David Linthicum, CTO and founder of Blue Mountain Labs, recently wrote an article about how just the idea of a “kill switch” is already hurting cloud providers. The reason: organizations are reluctant to invest in cloud computing as a solution, because they are concerned about the possibility of their connection to data being “pulled from (them) at any time.”

But it doesn’t take an Internet “kill switch” to make that happen. A denial-of-service attack or other degradation of the network through overt hostile acts, natural disaster, or any of a number of other events that could affect public Internet bandwidth, could disconnect organizations from the public cloud without warning, if there aren’t proper provisions made for alternate connections.

Read the rest of this post at : Virtual Integrated System Blog – Government – What an Internet “Kill Switch” Would Mean to the Public Cloud.

Standard
Uncategorized

NISTs Guidelines for Public Cloud Security Emphasize Risk Management

The National Institute of Standards and Technology has released a preliminary set of guidelines for cloud computing security. The draft version of Special Publication 800-144, “Guidelines on Security and Privacy in Public Cloud Computing,” offers recommended precautions and policies that federal agencies should follow if they plan to use public cloud resources.The document does not dismiss public clouds as an option for government systems. But the authors of the document, NIST computer scientists Wayne Jansen and Timothy Grance, were clear about the many hazards of outsourcing systems to a public cloud provider. Much of what makes cloud computing an attractive option for government agencies is also at odds with the way agencies have traditionally applied governance and security to information systems, Jansen and Grance wrote”

Several critical pieces of technology, such as a solution for federated trust, are not yet fully realized, impinging on successful cloud computing deployments. Determining the security of complex computer systems composed together is also a long-standing security issue that plagues large-scale computing in general, and cloud computing in particular. Attaining high-assurance qualities in implementations has been an elusive goal of computer security researchers and practitioners and…is also a work in progress for cloud computing.

The rest of this post is at: Virtual Integrated System Blog – Government – NISTs Guidelines for Public Cloud Security Emphasize Risk Management.

Standard