This document discusses cloud computing security risks. It notes that while cloud computing provides benefits like reduced costs, increased flexibility and scalability, it also presents security concerns around standards, availability, data portability, control and security. The document reviews common cloud security threats such as data loss, account hijacking and issues around shared infrastructure. It provides an overview of approaches to help address these risks, including governance, continuous monitoring and FedRAMP compliance. The document advises that cloud computing is an emerging field not a new technology, and that the same threat vectors exist but are potentially faster and more automated. It suggests security must adapt to the cloud instead of avoiding it.
IBM mainframe sales reps and distributors don't enjoy the pleasures and satisfaction of the whole
world's anticipation, speculation, or even the organized illicit intelligence gathering, which seems to be
common in Apple's i-world these days. There was a time, beyond the memories of most of the IT
community, when they did, but the world has changed and new technologies have driven the focus to a
broader audience that is less sophisticated in many respects. As a consequence, the “fun stuff” has shifted
a good deal from what's the biggest and fastest, toward what is the latest, and usually smaller, innovation
– the new gotten have. Computing, if you will, now is more personal and portable. Does anyone care
what all this stuff is connected to and what holds it together anymore? Not so much, apparently.
Novell Support Revealed! An Insider's Peek and Feedback OpportunityNovell
Don't miss the opportunity to interact with key members of the Novell Services team. We are eager to hear from the customers we serve and provide insights to you into our continuous improvement plans aimed at your satisfaction. In this session, you will learn how Novell has worked to maintain our world-class support standards in the face of intense, global economic pressures and challenging industry trends. Take a peek inside the processes of our global support organization, learn about our technological advancements, and provide feedback on our support offerings.
Embedded Database Technology | Interbase From Embarcadero TechnologiesMichael Findling
Embarcadero Technologies is the leader in database tools and developer software. InterBase® SMP 2009 combines the high performance of a multi-generational architecture with peace of mind of log-based journaling and disaster recovery. InterBase SMP combines simple installation and automatic crash recovery, with a self-tuning engine that makes it well-suited for embedding.
Agile Cloud Conference 2 Introduction - John BrennanGovCloud Network
Develop and open and inclusive cloud service brokerage environment that provides the Government the capability for rapid acquisition of proven innovative technologies on a fee for service basis
To the maximum extent possible leverage what already exits versus custom development to include incorporation of industry standards and a consistent implementation environment
DoD Business Capability Lifecycle (BCL) Guide (Draft)GovCloud Network
BCL is tailored for the rapid delivery of enterprise business capability. It combines multiple, disjointed oversight processes into a single process. It recognizes that technology rapidly evolves and changes, and consequently, BCL mandates rapid capability delivery – within
eighteen months or less of program initiation. BCL is outcome-based, and modeled on best commercial practices. The process allows for the fact that not all solutions are purely technical. The entire DOTMLPF (Doctrine, Organization, Training, Materiel, Leadership
and education, Personnel and Facilities) spectrum of potential solutions are considered.
Since announcing its “Cloud First” policy in 2010, the Federal government has correctly identified cloud computing as a way to reduce costs and improve the use of existing assets, and has accordingly prioritized its adoption. It has also taken judicious steps to protect Federal networks from nefarious cyber-attacks and promote the dissemination of best practices for cybersecurity. The Federal government has also embraced mobility as a means to conduct work from any location. But until now, the implementation of these initiatives has been fragmented and lacked coordination across Federal agencies. This paper offers a framework for integrating these programs in a way that enables the Federal government to realize the economic, technological, and mission-effectiveness benefits of cloud services while simultaneously meeting current Federal cybersecurity
requirements. It advocates shifting from a compliance-based cybersecurity paradigm to
one that is risk-based and focusing on how to most effectively secure their implementation of cloud services.
IBM mainframe sales reps and distributors don't enjoy the pleasures and satisfaction of the whole
world's anticipation, speculation, or even the organized illicit intelligence gathering, which seems to be
common in Apple's i-world these days. There was a time, beyond the memories of most of the IT
community, when they did, but the world has changed and new technologies have driven the focus to a
broader audience that is less sophisticated in many respects. As a consequence, the “fun stuff” has shifted
a good deal from what's the biggest and fastest, toward what is the latest, and usually smaller, innovation
– the new gotten have. Computing, if you will, now is more personal and portable. Does anyone care
what all this stuff is connected to and what holds it together anymore? Not so much, apparently.
Novell Support Revealed! An Insider's Peek and Feedback OpportunityNovell
Don't miss the opportunity to interact with key members of the Novell Services team. We are eager to hear from the customers we serve and provide insights to you into our continuous improvement plans aimed at your satisfaction. In this session, you will learn how Novell has worked to maintain our world-class support standards in the face of intense, global economic pressures and challenging industry trends. Take a peek inside the processes of our global support organization, learn about our technological advancements, and provide feedback on our support offerings.
Embedded Database Technology | Interbase From Embarcadero TechnologiesMichael Findling
Embarcadero Technologies is the leader in database tools and developer software. InterBase® SMP 2009 combines the high performance of a multi-generational architecture with peace of mind of log-based journaling and disaster recovery. InterBase SMP combines simple installation and automatic crash recovery, with a self-tuning engine that makes it well-suited for embedding.
Agile Cloud Conference 2 Introduction - John BrennanGovCloud Network
Develop and open and inclusive cloud service brokerage environment that provides the Government the capability for rapid acquisition of proven innovative technologies on a fee for service basis
To the maximum extent possible leverage what already exits versus custom development to include incorporation of industry standards and a consistent implementation environment
DoD Business Capability Lifecycle (BCL) Guide (Draft)GovCloud Network
BCL is tailored for the rapid delivery of enterprise business capability. It combines multiple, disjointed oversight processes into a single process. It recognizes that technology rapidly evolves and changes, and consequently, BCL mandates rapid capability delivery – within
eighteen months or less of program initiation. BCL is outcome-based, and modeled on best commercial practices. The process allows for the fact that not all solutions are purely technical. The entire DOTMLPF (Doctrine, Organization, Training, Materiel, Leadership
and education, Personnel and Facilities) spectrum of potential solutions are considered.
Since announcing its “Cloud First” policy in 2010, the Federal government has correctly identified cloud computing as a way to reduce costs and improve the use of existing assets, and has accordingly prioritized its adoption. It has also taken judicious steps to protect Federal networks from nefarious cyber-attacks and promote the dissemination of best practices for cybersecurity. The Federal government has also embraced mobility as a means to conduct work from any location. But until now, the implementation of these initiatives has been fragmented and lacked coordination across Federal agencies. This paper offers a framework for integrating these programs in a way that enables the Federal government to realize the economic, technological, and mission-effectiveness benefits of cloud services while simultaneously meeting current Federal cybersecurity
requirements. It advocates shifting from a compliance-based cybersecurity paradigm to
one that is risk-based and focusing on how to most effectively secure their implementation of cloud services.
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)Samy Fodil
Webinar recording: https://youtu.be/t30Aa-mq93Q
Do you need to build scalable 5G and IoT applications? Or, maybe distribute the computing required by AR/VR throughout the data path? Perhaps you need to implement Digital Twins? Well you've come to the right place.
Edge Computing is a paradigm that distributes computing and data storage between the Cloud and the users. In fact, the data center infrastructure that sits between you and the Cloud is actually larger than all the Cloud data centers combined. For over two decades, thanks to that Edge infrastructure you've been able to watch videos and smoothly surf the web. Today the "Edge" is powering all the automation around you; for example, smart cities, smart cars, smart factories, etc.
The term "cloud native" is thrown around constantly when referring to how to build modern applications, but it has been hard to find a consistent and fully encompassing description of what it really means. In this webinar, Kim Clark and Kyle Brown discuss a range of elements that need to come together to take a truly cloud native approach and also consider what some of the key challenges are.
Dell EMC Ready Solutions for Big Data are powered by the BlueData EPIC software platform - for on-demand provisioning and automation. These integrated solutions enable a cloud-like experience for Big-Data-as-a-Service (BDaaS) while ensuring the enterprise-grade security and performance of on-premises infrastructure.
With Dell EMC Ready Solutions for Big Data, customers can rapidly deploy their analytics and machine learning workloads in a secure multi-tenant architecture, for multiple different user groups running on shared infrastructure. Their users can quickly and easily provision distributed environments for Cloudera, Hortonworks, Kafka, MapR, Spark, TensorFlow, as well as other tools.
The new Ready Solutions include everything that customers need to enable BDaaS on-premises – including BlueData EPIC software as well as Dell EMC hardware, consulting, deployment, and support services.
To learn more, visit www.dellemc.com/bdaas
Andreas Pöschl, Senior Solutions Architect, BMW
Agenda
BMW Group IT
Organization
Environment
BMW Group and its private cloud
Expectations
Challenges
How ODCA usages will help
Key decisions
Implementation
Next Steps
Amazon on Amazon: How Amazon Designs Chips on AWS (MFG305) - AWS re:Invent 2018Amazon Web Services
AWS global infrastructure continues to innovate and scale. To sustain innovation and growth, Amazon uses AWS to design the next generation of cloud infrastructure. Accelerating the RTL to GDSII workflow, Amazon uses AWS for semiconductor design and Electronic Design Automation (EDA) tools. In this session, we discuss the infrastructure and architectures that our own silicon teams use to design the next generation of cloud computing infrastructure. From switch technology to specialized hardware, the immense capacity, elasticity, and agility that AWS provides is powered by Amazon processors. Through partnerships and collaborations with many EDA vendors and semiconductor customers, Amazon continues to quickly advance technology at an unprecedented pace.
How To Deliver High Performing Highly Available Cloud ApplicationsBen Rushlo
Whether you are just starting to think about adopting a cloud model or have already implemented this in your organization, by moving from on-premise applications to the cloud you are giving up lots of control. How do you make sure you meet end-users’ performance expectations when someone else takes the reigns? End-users expect sub 1s response times as your on-premise apps did. How can you ensure such performance with your cloud service provider? Web performance is paramount for your users and not having the right metrics in place to remain in control can lead to costly performance issues.
WFT has pioneered implementation of SAP on Private cloud, SAP Cloud computing & moving traditional on-premise data center to WFT Cloud for all their non-production and other non-critical applications. Virtualization though available for years has finally matured by providing end users leverage to embrace cloud computing solutions and technologies.
Introduction to Machine Learning on IBM Power SystemsDavid Spurway
My second presentation from the IBM i Premier User Group on the 20th July 2017, in IBM Hursley. This was an introduction to Machine Learning and PowerAI, IBM Power Systems pre-integrated offering that makes use of the NVIDIA GPUs and the industry unique NVLink to accelerate the learning stage of Machine Learning
Similar to FBI Symposium on Cloud Computing and Security v2 (20)
This benchmark is the result of the collaboration between Burstorm and Rice University and uses a high degree of automation. The scope of the first benchmark is seven suppliers across three continents with a total of 96 different instance types. The benchmark was executed every day, for at least 15 days. The results are normalized to a monthly pricing model to establish the price-performance metrics.
Cloud Computing is an information technology gold rush. Everything from social media and smart phones to streaming video and additive games come from the cloud. This revolution has also driven many to wonder how they can retool themselves to take advantage of this massive shift. Many in IT see the technology as an opportunity to accelerate their careers but in their attempt to navigate their cloud computing future, the question of what type of training, vendor-neutral or vendor-specific, is right for them
The Federal government today is in the midst of a revolution. The revolution is challenging the norms of government by introducing new ways of serving the people. New models for creating services and delivering information; new policies and procedures that are redefining federal acquisition and what it means to be a federal system integrator. This revolution also lacks the physical and tangible artifacts of the past. Its ephemeral nature, global expanse and economic impact all combine in a tidal wave of change. This revolution is called cloud computing.
GovCloud Network, LLC helps its clients develop and execute mission and business strategies to leverage the parallel and global nature of cloud-based services. We employ our technology, strategy, digital publishing and social media expertise across three lines of business- Business Strategy & Design, Digital Publishing & Social Media and Education.
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
When the government purchases products or services with inadequate in-built “cybersecurity,” the risks created persist throughout the lifespan of the item purchased. The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.
Currently, government and contractors use varied and nonstandard practices, which make it difficult to consistently manage and measure acquisition cyber risks across different organizations.
Meanwhile, due to the growing sophistication and complexity of ICT and the global ICT supply chains, federal agency information systems are increasingly at risk of compromise, and agencies need guidance to help manage ICT supply chain risks
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher PageGovCloud Network
Assured C2 sets conditions for Navy commanders to maintain the IT- enabled ability to exercise C2 authorities across the sea, land, air, space, and cyberspace domains in heavily contested or denied operating conditions.
Navy must continue to clearly define and manage capability-based Assured C2 requirements and resources, and align those requirements and resources with JIE/IC ITE through the IDEA
The primary beneficiaries of the effort to deliver Assured C2 capabilities are the requirements stakeholders: USFF, USPACFLT, and USFLTCYBERCOM subordinate commanders who execute Navy’s warfighting mission in all domains.
Intrusion Detection on Public IaaS - Kevin L. JacksonGovCloud Network
Cloud computing is driving the business of information technology today.
“A recent Gartner survey on the future of IT services found that only 38 percent of all organizations surveyed indicate cloud services use today. However, 80 percent of organizations said that they intend to use cloud services in some form within 12 months, including 55 percent of the organizations not doing so today.“ (Gartner, Inc, 2013)
As companies rush to adopt cloud, however, information technology (IT) security sometimes seems to be an afterthought.
The goal of this paper is to provide a survey of the current state of IT security within public cloud infrastructure-as-a-service providers. After first providing a cloud computing overview, the paper will focus on the infrastructure-as-a-service (IaaS) deployment model, the typical home of IaaS intrusion detection components. The Gartner Cloud Use Case Framework will then be introduced as it will also serve as the framework for this survey. An in-depth review of public cloud intrusion detection studies, options and expert observations will then follow. The paper will then offer the authors conclusions and cloud computing IDS recommendations for enterprises considering a move to the cloud.
A Framework for Cloud Computing Adoption in South African GovernmentGovCloud Network
Technology adoption is always a critical concern in organizations (private and public). South African government experienced this encounter when adopted Open Source Software (OSS) with the objective to reduce ICT services costs among others. The implementation of OSS in SA government has faced several challenges such as user resistance, human factor, support and funding. As a result of these challenges cost reduction has not been fully achieved. Cost reduction issue ultimately affects implementation of other government programmes such as those who yields job creation, better education, and improving health, etc. The potential alternative to address the same objective as aimed by OSS is Cloud Computing adoption. Cloud Computing promise to offer the SA government more advantages OSS. This study explore the feasibility of Cloud Computing adoption as an alternative to enable cost reduction, effectiveness and efficient of IT services in SA government as was aimed by OSS initiative.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
FBI Symposium on Cloud Computing and Security v2
1. Cloud Computing and Security:
Assessing the Risks
Kevin L. Jackson
Vice President &
General Manager
NJVC Cloud Services
March 21, 2012
NJVC Proprietary - Do Not Release
7. Cloud Computing
Not a new technology but a new approach in the provisioning and consumption of
information technology
A services oriented architecture (SOA) implemented typically on a virtualized infrastructure
(compute, storage, networks) using commodity components coupled with highly automated
controls enable the five essential characteristics of cloud computing.
Key Benefits Key Concerns
Significant cost reductions Standards
Reduced time to capability Portability
Increased flexibility Control/Availability
Elastic scalability Security
Increase service quality IT Policy
Increased security Management / Monitoring
Ease of technology refresh Ecosystem
Ease of collaboration
Increased efficiency
NJVC Proprietary - Do Not Release
8. Cloud Computing: Value and
Capabilities
Time
Reduce time to deliver/execute mission
Increased responsiveness/flexibility/availability
Cost
Optimizing cost to deliver/execute mission
Optimizing cost of ownership (lifecycle cost)
Increased efficiencies in capital/operational expenditures
Quality
Environmental improvements
Experiential improvements
NJVC Proprietary - Do Not Release
9. Relational Databases and the Cloud
German, BMW,
Truck
Truck The economics of data
storage led to the use of German, BMW,
BMW Car
content addressable storage, Car
SUV flat storage architectures and German, BMW,
Germany … internet scaling. SUV
Volkswagen … German
Volkswagen, Truck
Audi …
Search …
Toyota
Country
Japan Honda
…
Mazda
Database design,
Ford …
database tuning no
US Chrysler longer required with
GM …
infinite scalability and …
consistent
responsiveness US, GM, SUV
3t 1t 9
NJVC Proprietary - Do Not Release
10. Traditional Analytics
Traditionally, lexical searches, filtering or
••••••••••• Boolean search attributes are used to
reduce data to a “working set”. Analytical
tools are then applied to this “working
••••••••••• set”.
•••••••••••
•••••••••••
••••••••••• Tools/Analysis Reports/Conclusions
•••••••••••
All Data Sources / Types
1
NJVC Proprietary - Do Not Release
11. Cloud Enables Searching All the Data,
All the Time
•••••••••••
•••••••••••
•••••••••••
•••••••••••
••••••••••• Reports/Conclusions
•••••••••••
1
NJVC Proprietary - Do Not Release
14. Computing
Malicious Insiders
Data Loss or Leakage
Unknown Risk Profile
Shared Technology Issues
Insecure Interfaces and APIs
Account or Service Hijacking
Abuse and Nefarious Use of Cloud
Top Threats to
Cloud Computing
Governance and
Enterprise Risk
Management
Legal and
Electronic Discovery
Compliance and Audit
Governance
Information
Lifecycle Management
Portability and
Interoperability
Traditional
Security, Business
Continuity,
Data Center
and Disaster Recovery
NJVC Proprietary - Do Not Release
Operations
Incident Response,
Notification and
Remediation
Application
Security
Operational
Encryption and
Key Management
Identity and
Access Management
Virtualization
19. Overview
Sli
de
NJVC Proprietary - Do Not Release 19
20. C&A vs FedRAMP
Standard Certification & Authorization
100% of required agency controls
60-90 days to complete
$80k-$300K
Repeat with each new agency: 5 agency cost $400K-$1.5M
FedRAMP (290 Controls)
80% of required agency controls
60 days to complete
$65-$240K
Agency specific controls for new implementations: 5 agency cost
$65K-$365K
Slide 20
NJVC Proprietary - Do Not Release
26. Continuous Monitoring Deliverables
Vulnerability/Patch Management Scanning and
Reporting
Configuration Scanning and Reporting
Incident Response Planning and Response
POA&M Mitigation and Remediation
Change Management and Control
Penetration Testing
A&A Documentation Maintenance
Contingency Plan Testing
NJVC Proprietary - Do Not Release
28. My Advice
Remember – Cloud computing is an emerging discipline
Learn about it. Don’t run away
This is not a new technology but extensive
automation of what you’re already used to
Same threat vectors. Same attacks but faster,
broader and automated using “resource
concentration”
Cloud will save you, not hurt you.
Be careful out there !!
NJVC Proprietary - Do Not Release
29. Thank You !
Kevin L. Jackson
Vice President
General Manger
NJVC Cloud Services
(703) 335-0830
Kevin.jackson@NJVC.com
http://www.NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com
NJVC Proprietary - Do Not Release