Tag Archives: Security

Continuing Efforts to Make Cloud a Government Reality

Posted on by

Cloud Computing has moved from a fringe technology that agencies were willing to try to a mainstream part of IT strategy and infrastructure. CloudFirst guidance from the executive branch got agencies looking at cloud as an option as they modernize systems. FedRAMP provided a standard for cloud security for government, easing the fears that a move to cloud meant a less secure system. Agencies have provided a host of guidance on how to use the cloud in their particular environments and for their missions. The intelligence community even went so far as to design a cloud that meets the specific needs of its users.

But even with this growing comfort, it's been a slow implementation process. Earlier this year, the Department of Homeland Security set up a cloud steering group after realizing that of their 584 applications only 29 were currently in the cloud, and another 52 were in the process of moving. They understood the cost and performance benefits of cloud but needed a way to accelerate the move. Beyond the technical aspect of designing cloud for government, there are also policy issues including a Supreme Court-level discussion of how and when cloud providers have to release data that they store. Continue reading

Insider Threat Within Government

Posted on by

Whether it's an Edward Snowden situation or "simply" just someone clicking on a rogue link, insider threat is a real issue for every organization. Insider threat is defined as a malicious threat to the security of an organization and its data that comes from people within the organization, such as employees, former employees, contractors or business associates. These people have some level of legitimate access to systems and information and therefore can open an organization up to attack or a breach. One statistic estimates there is one insider threat for every 6,000 to 8,000 employees within a government agency.[Tweet "Agencies need a combination of monitoring and detection technologies. #GovEventsBlog"]

To mitigate this threat, government agencies need a combination of monitoring and detection technologies, identity management tools, process and policy reviews, forensic capabilities, and user training.  It's a complex problem to "solve" but luckily there are a number of events and resources available to help make sense of all of the issues.

We've pulled together a list of several upcoming events to help in understanding and mitigating insider threats to any agency or organization.[Tweet "Upcoming events covering insider threats to any agency or organization. #GovEventsBlog"] Continue reading

Digital Forensics 101

Posted on by

The digitization of records and processes across government increases the need for sound digital investigation tools and processes. Whether it is looking into a data breach or gathering information for litigation, organizations are spending a lot of time culling through this data to get answers to pressing issues. An IDG survey found that a vast majority of organizations conduct digital investigations on a weekly basis. These investigations range from proving regulatory compliance, security incident response (including post-event analysis), and stopping high risk employee behavior (acceptable use violations).[Tweet "A look at digital investigations with Tod Ewasko, Director of Product Mgmt. at AccessData. #GovEventsBlog"]

We sat down with Tod Ewasko, Director of Product Management at AccessData to learn more about the role of digital investigations as a part of everyday IT efforts.

Q: Who "owns" forensics? IT? Legal? HR?

A: The answer is kind of all three. Many people lump forensics in with cybersecurity, but it's really a separate entity. Yes, forensics tools are used to investigate cyber incidents, but they are not preventative. That is what you have the "hunting" tools out there for - watching firewalls and logs for anomalous behavior or activity. Once that is stopped, then the forensics tools come in to make sense of it - to see how it happened and drive the plans to make sure it does not happen again. Forensic tools look beyond the event and gather all data relevant to the systems in question.

Q: Is forensics all reactive then? Continue reading

A Bitcoin for Your Thoughts: Demystifying Blockchain

Posted on by

Blockchain is a new way to structure data for greater sharing and security. Its algorithm and distributed data structure were initially designed to manage online currency (like bitcoin) in a way that does not need a central administrator to distribute it among people. This removed the need for a middleman (like a bank) to authenticate that what was being transferred was real currency. Instead, this authentication happens because all of the nodes on a peer-to-peer network connected to the block (the asset, money, or data) have to "approve" its transfer to a new party (a good image of this process is found here).

Blockchain essentially provides an online ledger book. The records (or blocks) are individually secured using cryptography that links them to one another and gives each block its own timestamp and provides data about that particular transaction (who it went to). Looking at the ledger you can see where data started and where it went. Through cryptography and the intricate linkages, the blocks (the original asset) cannot be tampered with. This traceability and security has gotten the attention of the government as a way to better protect sensitive data and transactions. Agencies are investigating how to use it to speed procurement, secure employee records, and better enable electronic health records.[Tweet "The traceability & security of blockchain tech has gotten the attention of the Government. #GovEventsBlog"] Continue reading

Defining the Internet of (Government) Things

Posted on by

The Internet of Things, or IoT, is a system of interrelated devices that may have completely different uses, shapes, or sizes, but all have one thing in common-- data and the ability to transfer it autonomously. IoT can be the microchip that helps you find your lost dog, a monitor in a heart valve that alerts doctors and patients to irregular beats, a thermostat that you can turn on remotely, motion detectors that tell you when someone is approaching your door, and so much more. Building on these everyday applications, state, local, and federal agencies are finding ways to use IoT to better serve citizens.[Tweet "IoT was named one of the top subjects discussed at federally-focused events. #GovEventsBlog"]

Since IoT was named one of the top subjects discussed at federally-focused events, we wanted to take a closer look at how government organizations are tapping into the plethora of IoT devices, networks, and capabilities to improve our country's security and welfare. The major trends around IoT in government include:[Tweet "The major trends around IoT in government include: Smart Cities, Cybersecurity and more. #GovEventsBlog"] Continue reading