Presentation is loading. Please wait.

Presentation is loading. Please wait.

Assessment and Authorization for Cloud Computing Dr. Sarbari Gupta 703-437-9451 ext 12 Third Workshop on Cyber Security & Global.

Published byNoreen Webster Modified over 9 years ago

Similar presentations

Presentation on theme: "Assessment and Authorization for Cloud Computing Dr. Sarbari Gupta 703-437-9451 ext 12 Third Workshop on Cyber Security & Global."— Presentation transcript:

1 Assessment and Authorization for Cloud Computing Dr. Sarbari Gupta sarbari@electrosoft-inc.com 703-437-9451 ext 12 Third Workshop on Cyber Security & Global Affairs May 31 – June 2, 2011

2 Page 2 Overview  US Mandates and Programs affecting Cloud Computing  Government-wide Risk and Authorization of Cloud Computing  Challenges faced with Cloud Computing Assessment and Authorization

3 Page 3 US Mandates and Programs  FISMA – Federal Information Security Management Act or 2002  Defines a compliance framework for securing government systems  NIST responsible for standards & guidelines  FedRAMP – Federal Risk Management and Authorization Program  Designed to solve the security authorization problems highlighted by cloud computing  “authorize once, use many”

4 Page 4 Challenges with FISMA Measures security planning and not information security Interpretation of FISMA requirements and NIST guidelines varies greatly Same system is not compatible across agencies Continuous Monitoring Inadequate

5 Page 5 GSA IaaS Cloud Computing Environment  Cloud Storage Services  Storage for Files, Data and Data Objects  Well-defined Storage & Bandwidth Tiers  Virtual Machines  CPU (RAM, Disk space, Data transfer Bandwidth)  Operating System  Persistence  Cloud Web Hosting  CPU, OS, Software

6 Page 6 GSA IaaS – Separation of Duties

7 Page 7 FISMA / FedRAMP Details

8 Page 8 FISMA / FedRAMP Details

9 Page 9 Control Tailoring Workbook Fill this column out if the system setting is different than the GSA defined setting in the previous column

10 Page 10 FISMA / FedRAMP Details

11 Page 11 FISMA / FedRAMP Details

12 Page 12 FedRAMP Challenges  Continuous monitoring not adequate  SLA’s not validated in real-time  Manual processes prone to error  Security Control testing may be done too far apart  Security Management not adequate  Data collection for analysis inadequate  Corrective action hard to negotiate Can outsource responsibility but not accountability

13 Page 13 End-user Visibility is Key

14 Page 14 A&A Process for Cloud Computing Questions? sarbari@electrosoft-inc.com

Download ppt "Assessment and Authorization for Cloud Computing Dr. Sarbari Gupta 703-437-9451 ext 12 Third Workshop on Cyber Security & Global."

Similar presentations

Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi University of Maryland, Baltimore County.

Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi University of Maryland, Baltimore County.
P3- Represent how data flows around a computer system

P3- Represent how data flows around a computer system
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
Page 1 Cloud Computing Best Practices and Considerations for Project Managers Mike Lamoureux, PMP, MBA.

Page 1 Cloud Computing Best Practices and Considerations for Project Managers Mike Lamoureux, PMP, MBA.
1 Characterization of Software Aging Effects in Elastic Storage Mechanisms for Private Clouds Rubens Matos, Jean Araujo, Vandi Alves and Paulo Maciel Presenter:

1 Characterization of Software Aging Effects in Elastic Storage Mechanisms for Private Clouds Rubens Matos, Jean Araujo, Vandi Alves and Paulo Maciel Presenter:
Federal Cloud Computing Initiative Matthew Goodrich November 5, 2010 GSA Confidential and Proprietary – Not for Distribution Section 508 Coordinator Conference.

Federal Cloud Computing Initiative Matthew Goodrich November 5, 2010 GSA Confidential and Proprietary – Not for Distribution Section 508 Coordinator Conference.
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.

Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.
Information Visualization Solutions March 15-16, 2007 Information Visualization Solutions Team Overview & Analysis ~ Michael Hardy.

Information Visualization Solutions March 15-16, 2007 Information Visualization Solutions Team Overview & Analysis ~ Michael Hardy.
Federal IT Security Professional - Manager FITSP-M Module 1.

Federal IT Security Professional - Manager FITSP-M Module 1.
METAARCHIVE & CLOUD COMPUTING Central Server Functions Bill Robbins System Administrator MetaArchive Cooperative.

METAARCHIVE & CLOUD COMPUTING Central Server Functions Bill Robbins System Administrator MetaArchive Cooperative.
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Yes, yes it does! 1.Guest Clustering is supported with SQL Server when running a guest operating system of Windows Server 2008 SP2 or newer.

Yes, yes it does! 1.Guest Clustering is supported with SQL Server when running a guest operating system of Windows Server 2008 SP2 or newer.
Dr. Ognjen Prnjat European and Regional eInfrastructure management Greek Research and Technology Network Oceanos and synnefo - clouds.

Dr. Ognjen Prnjat European and Regional eInfrastructure management Greek Research and Technology Network Oceanos and synnefo - clouds.
1 IT Security Awareness, Training and Education Trends Dan Costello Policy Analyst OMB.

1 IT Security Awareness, Training and Education Trends Dan Costello Policy Analyst OMB.
Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.

Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.
1 Continuous Monitoring Proprietary Information of SecureInfo ® Corporation © 2011 All Rights Reserved.

1 Continuous Monitoring Proprietary Information of SecureInfo ® Corporation © 2011 All Rights Reserved.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
To run the program: To run the program: You need the OS: You need the OS:

To run the program: To run the program: You need the OS: You need the OS:
Cloud Computing Cloud Security– an overview Keke Chen.

Cloud Computing Cloud Security– an overview Keke Chen.

Similar presentations

Ads by Google