Editor’s Pick: DOD Cloud Computing Concerns with Cloud Security
DOD's Move to the Cloud Keeps Security Experts Up at Night
As federal agencies continue to move to the cloud, the U.S. Department of Defense is concerned about cloud security. Recent breaches, including WikiLeaks and state-sponsored hackers, have security experts up at night worrying about how to protect military data in a cloud environment. DOD has made the decision to build an internal private cloud with hardened servers rather than move into commercial cloud environments. The agency is also relying on the Defense Advanced Research Projects Agency (DARPA) to point to innovative technologies and new approaches to cloud security, especially related to mechanisms that provide authorized access to cloud resources. The goal is to eliminate anonymity with cyber credentials issued by an agency called DOD Public Key Infrastructure. These credentials will be in use by the end of fiscal year 2012.
DOD is looking at other security measures such as automation to increase the speed and remove the risk of human error from system administration tasks. They also want to build a more defensive cloud that uses the distributed nature as a way of turning the tables on cyber attackers with collective immunity, rapid recognition of threats, and diversity of the environment to minimize risk to the entire infrastructure.