Assessment and authorization for cloud computing dr sarbari gupta sarbari electrosoft inc

Assessment and Authorization for Cloud Computing

Dr. Sarbari Gupta

[email protected]

703-437-9451 ext 12

Third Workshop on Cyber Security & Global Affairs

May 31 – June 2, 2011


Overview

  • US Mandates and Programs affecting Cloud Computing

  • Government-wide Risk and Authorization of Cloud Computing

  • Challenges faced with Cloud Computing Assessment and Authorization


US Mandates and Programs

  • FISMA – Federal Information Security Management Act of 2002

    • Defines a compliance framework for securing government systems

    • NIST responsible for standards & guidelines

  • FedRAMP – Federal Risk Management and Authorization Program

    • Designed to solve the security authorization problems highlighted by cloud computing

    • “authorize once, use many” 


Challenges with FISMA

  • Measures security planning and not information security

  • Interpretation of FISMA requirements and NIST guidelines varies greatly

  • Same system is not compatible across agencies

  • Continuous Monitoring Inadequate


GSA IaaS Cloud Computing Environment

  • Cloud Storage Services

    • Storage for Files, Data and Data Objects

    • Well-defined Storage & Bandwidth Tiers

  • Virtual Machines

    • CPU (RAM, Disk space, Data transfer Bandwidth)

    • Operating System

    • Persistence

  • Cloud Web Hosting

    • CPU, OS, Software


GSA IaaS – Separation of Duties


FISMA / FedRAMP Details


FISMA / FedRAMP Details


Control Tailoring Workbook

Fill this column out if the system setting is different than the GSA defined setting in the previous column


FISMA / FedRAMP Details


FISMA / FedRAMP Details


FedRAMP Challenges

  • Continuous monitoring not adequate

    • SLAs not validated in real-time

    • Manual processes prone to error

    • Security Control testing may be done too far apart

  • Security Management not adequate

    • Data collection for analysis inadequate

    • Corrective action hard to negotiate

Can outsource responsibility but not accountability


End-user Visibility is Key


A&A Process for Cloud Computing

Questions?

[email protected]
