While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The Cloud Security Alliance (CSA), a nonprofit organization that promotes security best practices in cloud computing, will share its research on software defined perimeter (SDP) specifications with the federal government at the organization’s federal summit Tuesday in Washington, D.C.
Jim Reavis, CSA CEO, said SDP is a next-generation architecture, built on the same principles that the government’s three-letter agencies — the FBI, CIA, NSA, etc. — use to protect their classified networks.
The CSA developed a framework for building SDPs in the cloud, in an open-source manner, based on collaboration from more than 100 organizations, including Coca-Cola, Verizon and Mazda.
“We see this as an architecture that will be used more in the coming years that will allow for more use of public clouds with high-security needs,” Reavis said. The CSA defines SDP in more detail:
The SDP specification uses a framework of security controls that mitigates network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized, creating dynamically provisioned perimeters for clouds, demilitarized zones and data center infrastructures. The SDP has been designed to be highly complementary to Software Defined Networks (SDN), the popular network layer construct which decouples routing and architectural decisions from the underlying equipment to create virtual networks. SDP traverses several OSI [Open Systems Interconnection model] layers to tie applications and users with trusted networks, using vetted security models.
The CSA has submitted a proof of concept for the architecture after running pilots with a number of private-sector partners. The organization has also opened it to hackers three times — most recently at the RSA Conference in San Francisco — where a $10,000 prize was available to the first participant to gain access to a password-provided account.
“We believe that all computing will soon be cloud computing,” Reavis said. “Our mission is to help organizations overcome the security barriers that exist so they can use cloud computing technologies safely and efficiently.”
The summit will also feature the release of the new Cloud Controls Matrix Federal Risk and Authorization Management Program Candidate Mapping, a new and important guidance tool that has been developed to ensure secure cloud computing for the federal government.