
Cloud Adoption by Local Government: Promise, Progress and Pitfalls

Cloud Adoption by Local Government: Promise, Progress and Pitfalls. International Conference on Cloud Security Management October 17, 2013 Michael Hamilton CISO, City of Seattle. Local Government. Services that affect quality of life, and life We’d like them to be there.


Presentation Transcript


  1. Cloud Adoption by Local Government: Promise, Progress and Pitfalls. International Conference on Cloud Security Management, October 17, 2013. Michael Hamilton, CISO, City of Seattle

  2. Local Government: Services that affect quality of life, and life. We’d like them to be there

  3. CRITICAL INFRASTRUCTURE It’s good business sense!

  4. PUBLIC IT TODAY • Desktop • Network • Help Desk • Server • Development • Security • Procurement • Telephony
     Many of these are the same roles sought by SBUX, AMZN, MSFT, etc. They have this though >>

  5. PUBLIC IT TOMORROW: We already buy more than we build, and the evolution is underway to develop IT resources into new roles • Security • Procurement • Legal • Audit

  6. LOCAL GOVERNMENT AND THE CLOUD • Disaster recovery and business continuity – DDOS readiness • Security through collective intelligence • SAAS very clear value – oversight needed • Starting to store more sensitive data • Remember what happened to L.A.

  7. THE SHARED SERVICE MODEL • A separate finance system for each local jurisdiction is not a good use of our taxes • Inter-local agreements • Regional monitoring • King County data center • IBM Smarter Cities initiative

  8. PRISEM: Public Regional Information Security Event Management

  9. PRISEM History • DHS S&T funding to initiate; Five grants total • Participants contribute firewall logs, netflow, botnet alerts (Einstein); arbitrary devices under monitoring • Commercial SIEM infrastructure at UW APL • Cities of Seattle, Lynnwood, Bellevue, Kirkland, Redmond; Thurston and Kitsap Counties; Seattle Children’s Hospital, Snohomish PUD

  10. CoS CLOUD EXAMPLES • Postini, now FOPE for e-mail security • VRSN DDOS protection • Office 365 on deck • Video streaming • Over 65 SAAS applications • data.seattle.gov • Health data warehouse analytics

  11. UNDER INVESTIGATION • Development using PAAS • Cloud as SAN • Data analytics with sensitive information • The Smart Grid and energy consumption data • Why not IAAS? • Competition for OpenStack coders

  12. POLICY UNDERPINNINGS • Vendor requirements • Must demonstrate product security • That data center SAS-70 won’t do it • Changes to procurement language • RFP, Contract, focused on vendor reqs • Data classification and storage policy • Confidential, Sensitive, Public

  13. BARRIERS AND PROBLEMS • BYOC and the Internet shelf • Whitelisting all but impossible • File sync services as example • Nth parties and regulatory requirements • HITECH Act • Security and continuity • Got SIEM? • Public disclosure and E-Discovery

  14. PUBLIC DISCLOSURE

  15. STUFF THE CLOUD CAN’T HAVE • Control systems • 911 and CAD/RMS • Critical infrastructure information • Regulated information • Anything exempt from public disclosure • So incident data with metadata is a nonstarter

  16. OPPORTUNITIES • Regionalized shared services • IAAS/PAAS meet inter-local agreements • Desktop services - VDI in the cloud • Cloud forensics service • More video streaming and archive service • Traffic cameras • For those awesome City Council meetings • PD body cameras?

  17. WHAT WILL IT TAKE? • Better reliability - we are not a start-up • Humane rules on unauthorized disclosure • Interfaces for public disclosure and e-disc • Improved standards for vendors to meet, as a competitive differentiator
      Applications that help us govern better, use resources more wisely, and create efficiencies that are reflected in savings

  18. LOCAL GOVERNMENT AS MARKET • There are 89,003 of us • We require security as a market force • Authentication, encryption, auditing if you want our good stuff • Better analytical interfaces • Public Disclosure and E-Discovery pain abatement

  19. LASTLY, I WILL POINT OUT… • Mass exodus to the cloud reduces the number of points of attack and increases the efficiency of threat activity • Largest DDOS attack 191Gbps • An organized crime operation may be sharing physical hardware with your server

  20. My Contact Information (for one more week) Michael Hamilton Chief Information Security Officer City of Seattle Michael.Hamilton@Seattle.gov 206.684.7971 (D)
