Data security key for cloud environment, says NSA official

Cloud computing has the potential to increase cybersecurity through increased analytics, said a National Security Agency official while speaking March 19 at an Information Technology Acquisition Advisory Council event in Reston, Va. "One of the things we found in early experiments with these technologies is you can turn this analytic cloud stuff back on itself, and you can take the event of who's using the cloud, put it back in the cloud, and use those same technologies to analyze it to look for anomalies," said Neal Ziring, technical director in NSA's information assurance directorate The intelligence community is also embracing a data security concept model dubbed "smart data," he said. The idea is that data gets associated with handling attributes and also gets tracked as it moves through various systems. "So then you know what's supposed to happen, you know what did happen, you can look for anomalies between them," Ziring said. As cloud environments become more ubiquitous, Ziring added, data control can no longer depend on just system-based security, which in any case is just a proxy for data security. The NSA, he noted, is working on a key/value (i.e., NoSQL) open source database called Accumulo that is meant to permit users role-based access according on a cell-by-cell level. Governmentwide cloud security initiatives may be of only limited utility to the intelligence community, however. FedRAMP, an effort to extend to public cloud providers provision authorization to operate on any federal network is "very oriented towards civilian agencies using public clouds on the Internet," Ziring said. "We're going to be using community and public clouds on classified networks," he added, stating that the classified world has a somewhat different threat model than civilian agencies. For more: - go to the IT-AAC homepage - go to the NSA Accumulo proposal (released through the Apache Foundation) Related Articles: Ozone Widget Framework to transition to OSS Army lawyers dismiss Apache license indemnification snafu NRO budget justification sheds light on IT projects
This entry was posted in Cloud Computing, Gov 2.0/Open Gov, Technology. Bookmark the permalink.

Comments are closed.