ISC(2) is starting a cloud security working group. This week, Fed Cloud Blog talks with Hord Tipton, their executive director, and former CIO at the Interior Department. FCB started by asking him to explain what his company’s role currently is in the federal cloud space.
HT: ISC(2) is a non-profit organization dedicated to good security in the IT space, regardless of where it is — on the ground or in the cloud, or anywhere that data may be in search of a good guardian.
FCB: We understand you have a cloud security working group coming up. Let’s talk a little bit about that. How did this whole idea come about?
HT: Well, cloud computing seems to be the hot topic of, probably over the last six months — maybe to a year — and, frankly, those of us that have been in this business for a long time think that we’ve simply refined it or put another name on it or are focusing on the expansion of the use of cloud computing. If you really stop and think about it, it’s not new, it’s just exploding.
FCB: Who’s taking part in this security working group?
HT: We thought that we would put a group together and focus primarily on the government space and see if we could address the issues that have been raised on this over the last six months to a year and come up with some recommendations or some best practices to try to address the issue.
Representatives in the group — and we should give recognition to our partner on this, as well — Cisco Federal — but they include members from Department of Justice, Veterans Affairs, NSA, IRS and some others.
FCB: So, you’re getting all of these people together. Is this going to be a one-time thing, or a monthly [meeting]?
HT: Our game plan is to work this through, get as much good information and focus as we can on this and produce some preliminary results at our upcoming conference at the end of May. [It is] our Secure America conference and we always have good attendance at that. At that point, we will continue to refine the study and then report back with a final report in November at the 1105 Security Conference.
FCB: So this report will be open to the general public?
FCB: Let’s talk a little bit about some of the concerns surrounding cloud computing as a whole. Is this working group going to look at subjects like security, because we know from doing these interviews a lot of people are concerned that once they move to the cloud formula, so to speak, they’ve got all this data out there — but, you mentioned earlier that cloud computing is nothing new. So, how are you looking at security now in terms of that?
HT: Well, if we stop and think about it, the issues that we’re concerned about by operating in the cloud aren’t really all that new or different than issues that our security professionals and technicians face every day. We simply have expanded the way by which we negotiate those concerns. We simply moved our data to a different place, and now all of a sudden we find there are more people involved in protecting that data. We certainly aren’t going to walk away from it and totally trust someone else to handle that for us. There are so many different ways and uses of technology that you really have to be cognisant of and stay in touch with — but, to me, we have simply relocated some of the issues that relate to security and protection of that data.