Cloud Identity and Security Best Practices
One of our major program areas is Cloud Identity and Security Best Practices (CloudIDsec).
As the name suggests this practice is focused on the intersection between federated identity systems and Cloud Computing security, and a perfect example to introduce the domain is this recent press release from NASA, about their use of ‘PIV’ technologies to secure their move to Google apps.
By securing the user authentication process to Cloud apps like Google they are putting in place one key foundation for ensuring ultra-robust Cloud Security, demonstrating one part of the relationship between the Cloud and Identity Management.
It also demonstrates healthy portions of political compliance too. By adopting Google they are demonstrating progress against their Cloud First requirements, and simultaneously doing the same for this Whitehouse directive requiring agencies to begin accepting signin credentials from external sites.
This blog from Anil John explains how agencies can build an associated audit process into their PMO for assessing the security levels of these mechanisms.
Furthermore there is OMB M-11-11, which is a Whitehouse memo increasing the pressure to be implementing the HSPD-12 program, the Homeland Security Presidential Directive 12. This calls for use of identity technologies to better secure government systems, most notably ‘PIV’ (Personal Identity Verification) smartcards and associated key developments like PIV interoperability.
Where all this overlaps with Cloud Best Practices is that these systems are a common component for each of the Business Use Cases, each one asks for the same capability as the NASA Google apps project, and so CloudIDsec will define the associated solution elements.
- » What’s in your cloud? Key lessons to learn after the Capital One breach
- » The rise of Office 365 phishing scams: How one compromised account can cost millions
- » Capital One confirms data breach, cites cloudy approach as key to swift resolution
- » Why a holistic approach to cloud transformation is key to success
- » Capgemini report shows why AI is the future of cybersecurity