Cloud Identity and Security Best Practices
One of our major program areas is Cloud Identity and Security Best Practices (CloudIDsec).
As the name suggests this practice is focused on the intersection between federated identity systems and Cloud Computing security, and a perfect example to introduce the domain is this recent press release from NASA, about their use of ‘PIV’ technologies to secure their move to Google apps.
By securing the user authentication process to Cloud apps like Google they are putting in place one key foundation for ensuring ultra-robust Cloud Security, demonstrating one part of the relationship between the Cloud and Identity Management.
It also demonstrates healthy portions of political compliance too. By adopting Google they are demonstrating progress against their Cloud First requirements, and simultaneously doing the same for this Whitehouse directive requiring agencies to begin accepting signin credentials from external sites.
This blog from Anil John explains how agencies can build an associated audit process into their PMO for assessing the security levels of these mechanisms.
Furthermore there is OMB M-11-11, which is a Whitehouse memo increasing the pressure to be implementing the HSPD-12 program, the Homeland Security Presidential Directive 12. This calls for use of identity technologies to better secure government systems, most notably ‘PIV’ (Personal Identity Verification) smartcards and associated key developments like PIV interoperability.
Where all this overlaps with Cloud Best Practices is that these systems are a common component for each of the Business Use Cases, each one asks for the same capability as the NASA Google apps project, and so CloudIDsec will define the associated solution elements.
- » How to excel at secured cloud migrations through shared responsibility: A guide
- » IDC picks Trend Micro as the top vendor in SDC workload protection
- » Winning the IT availability war: How to combat costly downtime
- » Why cybersecurity needs to focus more on customer endpoints going forward
- » Google Cloud acquires VMware workload specialist CloudSimple