eWeek.com did a nice piece, quoting extensively from recent NSA public statements, on how both cloud and data security strategies in general are starting to move into extended pilot modes. Here is a link to the General’s presentation - below is an except from the eWeek summary.
U.S. Counts on the Cloud to Boost Cyber–Security
By: Fahmida Y. Rashid, eWeek.com
Army Gen. Keith Alexander, head of the National Security Agency (NSA), discussed the cloud and how to defend against increasingly sophisticated cyber-threats at a recent Information Systems Security Association conference in Baltimore and in a follow-up interview with eWEEK. As commander of U.S. Cyber Command, he also discussed rules of engagement for the military in cyberspace.
The cloud is a key part of the intelligence community’s IT strategy, Alexander said, because cloud computing gives defense and intelligence agencies more visibility over hackers who are trying to breach government networks.
Within the NSA and Department of Defense (DoD), there are more than 7 million pieces of IT infrastructure and systems and 15,000 different network enclaves, according to numbers provided by the general. With each enclave protected by its own firewall, network administrators have little to no insight into what is happening in isolated and segmented networks, he said.
“Collapsing the enclaves” would provide administrators with a better end-to-end view of their networks and situational awareness, said Alexander. He added that it’s not a perfect solution, but “it is more defensible.”
In a pilot program, the NSA has reduced the number of applications it is running from 5,000 to 250 cloud applications and slashed the number of help desks from 900 to 450, according to Alexander. The agency plans to keep shrinking the infrastructure to just two help desks and 20 data centers, as well as adopt more open-source software, he said, noting that the military is already using Apache Hadoop and OpenStack.
Read the full piece here.
Tags: cloud, cloud computing, CTO, Cybersecurity, Federal, security, strategy