Federal government has come to embrace the cloud in a big way, and many of its departments have already started moving their data and applications to the cloud. Though this is heartening from a technology and user perspective, what is painstaking is the process of approvals. Typically, it takes a minimum of six months for a cloud provider to get security clearance for its service. In fact, six months is when the approvals run at the fastest possible pace. Otherwise, clearance to use cloud service for federal government apps and data can take years. The National Geospatial Intelligence Agency (NGA) wants to change all this.

To those working in NGA this elaborate approval process feels like a super slow motion and this is why they’re doing everything they can to change it. According to Jason Hess, the cloud security head at NGA, many different processes are being put in place to reduce the time it takes for a cloud provider to get security clearance. Ideally, Hess wants all approvals to be cleared in a single day, so the cloud service can be up and running within 24 hours of its application. Currently, the NGA uses a combination of DevOps techniques to get approvals within seven days, but this hasn’t been easy by any breadth of imagination.

This is a big initiative, considering that the NGA is planning to move all of its data and applications to the cloud, in a big to “re-invent security.” The agency is looking to tap into the flexibility of cloud to break-down the IT architecture and re-build it every day, so hackers will experience a new operating environment every day. NGA believes that such a move can confuse hackers and the familiarity with the system, and in the process, will reduce the chances of an attack as well.

Though this idea is unique, its practical application is always questionable. Is it possible to build such a dynamic IT architecture that changes every day? Will there be a specific pattern that would be followed in choosing the architectural style? These are important questions that have to be answered if the NGA wants to use this strategy to prevent outside attacks on its system. If an architectural style is going to be repeated after every few days, then it becomes predictable for hackers. Also, if there is no randomization, then architectural styles can be guessed by sophisticated hackers.

Given these questions, we can say that the NGA’s approach to cyber security is not for everyone. Currently many federal departments have vast amounts of data and legacy systems that can make it almost impossible for them to tear down the IT architecture and build one from scratch each day. At the same time, simply installing cyber security measures at the edges of a network system is not going to work anymore.

So, federal departments have to strike a balance between the aggressive security approach of the NGA and its own problems of legacy systems and siloed data,

Overall, it’ll be interesting to see if NGA’s plan can be implemented across the board.

The post NGA wants to speed cloud deployment appeared first on Cloud News Daily.

Cloud security is one of the fastest growing market segments today. The latest report from Grand View Research Inc further accentuates this trend, as it predicts the cloud security market to grow to $13.93 billion by 2024.

Even if this sounds phenomenal, it’s still possible because of a host of factors. Firstly, more companies are moving to the cloud because of the many benefits that come with it. At the same time, the last few years has seen an increasing number of cyber attacks and data breaches that have resulted in millions of dollars of loss for companies. To counter this problem, cloud security strategies will be put in place. Already, many cloud service providers and client companies are working on addressing cloud security flaws, and this is only expected to increase over the coming years.

Secondly, many cloud service providers are investing heavily in security infrastructure in the form of additional infrastructure, research and innovation. Some are even acquiring other companies that have made remarkable progress in cloud security. All these investments are sure to bring in more customers, thereby increasing the size of cloud security market.

Thirdly, cloud computing is erasing geographical boundaries with its widespread reach. As more companies take to the cloud, this market will grow. Along with it, the security market will also grow to keep pace with the growing security needs of customers.

Another important factor that will fuel the growth of cloud security market is the changing government regulations. As cloud computing becomes a mainstream part of businesses, governments are forced to come up with regulations that will protect the interests of businesses and individual consumers. These regulations are more likely to make cloud access and security more stringent, and this in turn, will fuel the cloud security market.

For example, Germany and other countries in the EU are option for high data privacy by enacting legislation to keep data only within their geographical borders. In other words, data pertaining to German businesses and residents should be stored only within the territorial boundaries of Germany. Other countries like the U.S and France are striving to get greater visibility on Internet traffic. With such regulations in place, cloud security is sure to grow.

Along with government regulations, industry specific regulations such as Health Insurance Portability and Accountability Act (HIPAA) for the healthcare industry, Payment Card Industry Data Security Standard (PCI DSS) for the financial sector, Safe Harbor Act and European Union Data Protection Directive are likely to make enhance cloud security, and this could eventually help the cloud security industry to grow.

Due to these factors, the cloud security industry is well on its way to some astounding growth over the next decade.

According to the report, the major players in this market segment are CA Technologies Inc, Cisco Systems, IBM Corp, Intel Corp, TrendMicro and VMWare. Other companies that are vying for a market share in this industry are Whitehat Virtual Technologies, Snoopwall Inc and BMC Software.

The post Cloud Security Market to Grow to $13.93 Billion by 2024 appeared first on Cloud News Daily.

Prominent websites like Twitter, Netflix, Airbnb, and Spotify were having sporadic problems since Friday, thanks to a Distributed Denial of Service (DDoS) attack on Dyn’s servers. Dyn is one of the largest ISPs in the world, so an attack on its servers meant a significant chunk of DNS (Internet’s address directory) went down.  DNS is something similar to a phone book, and it allows users to connect to different websites and applications. Thus, when the DNS servers were attacked, users could not connect to certain IP addresses.

In most DDoS attacks, the information is intact, but temporarily unavailable. But in this case, Dyn’s core Internet infrastructure was hacked, so any organization that is directly dependent on Dyn or a service provider that uses Dyn’s servers were affected.

Besides websites, a whole lot of Internet of Things (IoT) devices that are hooked to the Internet were also affected. Cameras, baby monitors, and home routers are some of the devices that were affected by the outage. Also, corporate applications that are used to perform critical business operations were affected, thereby raking up huge losses for different companies.

Out of these companies, the ones that were worst-affected are those that rely on SaaS for critical business operations. This attack, in many ways, exposes the vulnerability of cloud computing, and the consequences of depending on third-party servers for the most critical of operations. Had these companies used multiple DNS providers or if they had stored their critical business applications in local servers, the impact of such an attack would have been greatly negated.

Going forward, what does it mean for businesses that depend on the cloud?

First off, this is a complex attack that is believed to have been done by a large group of hackers. The nature and source of the attack is still under investigation, so at this point in time, it’s hard to tell who’s behind the attack. But such complex attacks can’t happen every day as it requires enormous amounts of planning and coordination. That said, Verisign came up with a report recently that showed a 75 percent increase in such attacks from April to June. How much of it translated to loss for companies? Only a miniscule when compared to the direct security attacks that companies face.

Secondly, we’ve come too far ahead with cloud, to imagine a world without it. SaaS, PaaS, and IaaS have become integral aspects of businesses, and the benefits that come from it are enormous as well. So, compromising on the huge benefits for a rare attack is not a sound decision.

From the above argument, we can say that this DDoS attack is not going to change the cloud market overnight. However, it will make users more aware of the vulnerabilities of the cloud, so they will be better prepared to handle such situations in the future. This is also a good learning experience for companies like Dyn, as it’ll look at ways to beef up its security arrangements.

In short, though the DDoS attack was dangerous and widespread, its impact on cloud may be minimal because the benefits from cloud are huge, and such attacks are seen as rare instances when compared to direct attacks on large companies.

The post Dyn’s DDoS Attack – What it Means for the Cloud? appeared first on Cloud News Daily.