Why Commercial Clouds are More Secure than Federal Data Centers

By Roger Baker // January 5, 2015


Roger Baker, former chief information officer for the departments of Veterans Affairs (2009-13) and Commerce (1998-2001), is currently the chief strategy officer at Agilex. 

Ever since the Office of Management and Budget issued its cloud first strategy in 2010, the security of cloud offerings has been a major concern for federal IT managers. It is the primary reason the largest share of cloud expenditures in government has been on private clouds. 

These dedicated offerings are viewed as providing a better fit to existing information security models, as agencies can exert more control over the internal architectures and processes of the private cloud.

In contrast, agencies have believed that commercial cloud offerings were not secure enough for their applications, especially those requiring "high" protections under the Federal Information Security Management Act.

But time and investment by the private sector have turned that belief into a canard. The government’s own FISMA audits provide the primary proof. These audits observe widespread issues with configuration control, patch management, unsupported versions of hardware and software, disaster recovery and numerous other vulnerabilities.

Commercial cloud vendors aggressively avoid these problems as a fundamental part of their business model. They must constantly update their offerings to remain ...

3 Reasons Why Open Source Means Better Security

By Olivier Thierry // January 2, 2015


Olivier Thierry is the chief marketing officer of Zimbra, a maker of open source collaboration software.

The last time you were online, did you click “Remember me” when a website prompted you to save your login information?

The answer is probably yes, and it was likely motivated by convenience. Many U.S. consumers and business professionals think they’re protecting the security of their bank accounts and personally identifiable information, when really their habits of keeping credit cards on file, hosting free email in the cloud and storing passwords on websites or apps are putting this critical data in jeopardy.

In the wake of major security breaches and attacks on businesses and governments in 2014, both sectors in the U.S. and abroad are identifying and cracking down on the security policies that created these issues in the first place.

For example, a recent report by the Ponemon Institute and Zimbra shows that just as many U.S.-based organizations fail to enforce security and data privacy protocols as those succeeding, while 75 percent of business employees frequently use unauthorized messaging and collaboration applications.

While these habits have dire consequences for private and financial industries, risks in governments impact national ...

How Well Do You Really Know Your Network?

By Sean Applegate // December 11, 2014

Inozemtsev Konstantin/

Sean Applegate is director of technology strategy at Riverbed Federal.

Last week, my 9-year-old son and I were watching the movie “The Croods,” streamed directly into our living room through the magic of Netflix (and the cloud). All was going well until about the 40-minute mark, when the movie abruptly stopped and the dreaded “buffering” began.

“Netflix is broken again,” my son said.

“Well, not exactly,” I said. “It’s probably the network.”

My professional and family worlds were colliding.

I say that because federal agencies deal with the same types of application performance issues every day, resulting in productivity losses they can’t afford. As the complexity of federal IT infrastructures continues to grow, so do the demands placed on government networks. Agencies are operating hybrid environments, with enormous amounts of data being shared across various public and private clouds, data centers and geographically dispersed facilities.

That’s a lot of pressure on network resources. The first step in optimizing performance and avoiding crippling latency, or congestion, is answering one fundamental question: “What’s going on across my network?”

It sounds simple, but many federal CIOs are facing a network visibility crisis. Isolated systems and the lack of application-aware ...

3 Ways Mobile Will Attract Top Tech Talent in Government

By Michael Ashford // December 8, 2014


Michael Ashford is the vice president of strategic partnerships of Granicus.

It's time to stop denying that an inevitable change is needed in government recruiting. That change is mobile technology, and if accepted and adopted, it will be the catalyst to attracting much-needed young government workers and top IT/tech talent.

In fact, according to Mika Cross, a presidential management council fellow for workplace transformation strategy, the highest-rated places to work in the federal government are also, coincidentally, high adopters of mobility practice.

You may be wondering why, exactly, is there so much demand for young recruits in government? To begin with, there is a strong concern about the generational mix making up the government today. According to the Office of Personnel Management, about 45 percent of the federal workforce was more than 50 years old in 2013, and by September 2015, it is estimated that nearly 25 percent of all federal employees will be eligible to retire.

Additionally, an increasingly innovative and fast-paced world lends itself to the young and talented minds who grew up with technology at their fingertips -- those who will be charged with continuing to create this type of environment. Without a strong group of ...

How Do You Protect Against Insider Threats?

By Patrick Boynton // December 3, 2014

Maksim Kabakou/

Cybersecurity is usually described in the terms of a siege -- walls defending an agency’s data from the malicious hackers and unfriendly nation states outside. The most serious threat facing an agency today, however, may be from one of its own.

Insider threats are nothing new in government, but the vulnerability of sensitive data has become acute in the digital era. The Manning and Snowden leaks gave this new threat a public face. This past July, the issue hit headlines again when a yet-unidentified individual leaked the guidelines behind the government’s terrorist watch list.

The scope of the threat is clear, considering the breadth of the 5.1 million federal employees and contractors who hold security clearances, and the breakneck pace at which federal data is now created. Moreover, the threat is coming of age as openness and mobility have become buzzwords in the workplace.

So how does the government protect sensitive data? More to the point, how does it do so without stifling the exchange of information within agencies and across government? The Obama administration has taken a lead by establishing a National Insider Threat Task Force in 2011, and by issuing a November 2012 memo outlining best ...