Former federal CIO: Cloud knowledge important for overall cybersecurity

Fed Cloud Blog continues its discussion with Hord Tipton of ISC(2).

Today he talks with us about the ‘hype’ around cloud computing, and whether there is too much of it.

HT: One could have that opinion, I guess, but I think it is such an important topic that it’s worth going under an opinion such as that.

When you combine cloud computing with the other game-changing technology and the use and explosion of cell phones, collaboration [tools] and all of that, our security people are just overwhelmed with new problems to solve, or new approaches and new risks that they have to somehow figure out how to deal with.

What the catch-all name of ‘cloud computing’ does for us is make us focus on the point that this really and truly is an issue that we need to get out in front of, not with the notion of trying to stop it or slow it down, because it’s already out of the gate — it has been for, in my opinion, a few years — but how do we identify the problems? How do we take advantage of the findings and the concerns that have already been expressed through other working groups and reports that we’ve read?

At this point, we got interested because we think there’s all sorts of concerns expressed that point at potential problems, but the focus, in my view, has not really sharpened to the point that it’s provided useful information for executives and security professionals as to — okay, now we know we’ve got a problem, what’s the best way to approach it?

So, we’re looking at it and we are taking the information that we have — we take the concerns that are already expressed — and now we’re trying to wrap this into a focused report that can point out some best practices in terms of dealing with the issues that we know about. Some we’ve known about for years, and others are a bit new and we may not have had to deal with them, but they’re all of a sudden very, very real.

FCB: You actually answered our last question, which was — what are you hoping to learn? Is there anything else you wanted to add?

HT: I guess I would simply say that cloud computing, Web 2.0 and all the remote computing [tools] are part of our business now. Looking at it as a game-changer set of technologies, all of us are going to have to adjust our positions on the field.

Just staying current with it — we have 67,000 members out there that we try to keep tuned in and sharp on this. We provide them information — and keeping our security forces and our people tuned to what these issues are is part of the continuing education that we build into the ISC(2) certification process.

It’s just not enough to have smart people. You have to keep people smart. And they have to be smart, particularly in this day and age, in how to operate in the cloud.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: