Cloud Migration Best Practices for Federal Agencies

By Matthew McKenna // October 28, 2015


Matthew McKenna is chief commercial officer at SSH Communications Security  

When it comes to IT, federal agencies are tasked with ensuring cost efficiency as well as top-notch security. As the federal government makes a massive move to the money-saving cloud, IT pros must adhere to the defined security requirements for the federal use of cloud services as they migrate a selection of key functions.

The Federal Risk and Authorization Management Program provides guidance regarding the security objectives that must be met to achieve compliance. The challenge in effectively implementing any security framework, including FedRAMP, is making sure there are no major gaps between the security intent of the framework and the technical and administrative controls actually used in a given implementation. One of the most common areas of disconnect between security intent and implementation is in the realm of privileged, encrypted access.

Issues With Identity and Access Management

A common method used to restrict access on mobile networks, the Internet and the cloud is the Secure Shell protocol. In Secure Shell networks, key-based authentication is used to gain access to critical information. Keys are easy to create and are, at the most basic level, simple text files that can be...

How VA and DOD Can Approach Data Standards and Interoperability -- Before Standards Are Established

By Lynda Joseph // October 27, 2015

everything possible/

Lynda Joseph is capital area director at DSS Inc.

For organizations like the departments of Defense and Veterans Affairs, patient safety and quality of care are paramount, thus, having the ability to seamlessly share medical data with each other, as well as with other providers, is critical. Consider for a moment, a service person’s transition from active duty to veteran status. Patient records and critical medical history details must transition smoothly to ensure the patient receives appropriate, complete care at the right time.

As interoperability and information sharing efforts continue to pose challenges within the health care industry as a whole, standards must be developed so all entities can facilitate the transfer of data quickly, easily and efficiently. Even before such standards have been established, VA and DOD can strive for better interoperability and information sharing leveraging existing technologies used both in and outside of the health care industry.

Initiating a Long-term Strategy

As with most technology development, it takes time for standards to evolve. While this evolution occurs, however, agencies and providers alike might consider turning to emerging technologies to help with interoperability and data-sharing challenges.

For example, high-profile companies are successfully utilizing Fast Healthcare Interoperability Resources-based standards...

To be Successful, Hackers Need These 3 Elements

By Chris Smith // October 23, 2015


Chris Smith is director of cybersecurity strategy at SAS.

By the time a cyberattack is discovered, the hackers responsible may have been inside a network for months. During that time, hackers lurk persistently and become increasingly undetectable within the network, where they uncover and later extract an organization’s most valuable information.

Hackers’ reconnaissance activities are shrouded within massive amounts of data and are difficult to detect. By harnessing and enriching all this data in real-time and applying complex behavioral analytics, agencies can do just that – adding an essential layer of cyber defense.

To be successful, hackers need three elements, including:


There is little in the way of means, or resources, that can be done to prevent a cybercrime. Once a person develops sufficiently sophisticated coding methods, they can use their skills in whatever way they choose.

Whether they choose to act benevolently or maliciously, it is up to the coder to decide how they apply their techniques. The most common are phishing, man-in-the-middle, backdoor, zero-day and keylogging. The availability of pre-packaged scripts (like Lizard Squad’s distributed denial-of-service script) also contributes to means, even if the attacker lacks the technical sophistication needed.


Most people are motivated by...

5 Ways to Spot a Coerced Insider Threat

By William Senich // October 22, 2015

Andrea Danti/

William Senich is corporate vice president for global cyber solutions at Alion Science and Technology.

The scariest part of the Office of Personnel Management data breach isn’t that hackers have the data – it’s what they plan to do with it.

The sheer amount of personal information seized, allegedly by a Chinese espionage operation, has grabbed headlines for months. We know there are nearly 22 million Americans who had their data stolen. We also now know that nearly 6 million people had their fingerprint data stolen, leading to a host of new national security issues.

While the fact that this data has been stolen is scary, the bigger question is what will the hackers do with it?

When a large corporation is hacked for personal information, it usually takes the form of recent incidents at Home Depot or Target where customers’ credit card information is stolen and used by perpetrators for fraudulent purposes. Specifically, those who stole the credit card information were making unauthorized purchases or taking out cash against the credit line.  

It is those outcomes that led the government to offer free credit reporting and protection for those involved in the OPM hack. But the motivation behind...

The Evolving Role of the Chief Customer Officer in Government

By Teresa A. Weipert // October 20, 2015

Teresa A. Weipert is executive vice president and general manager at Sutherland Government Solutions.

The digitally connected age has created many new challenges and has required businesses to be responsive, informed and aligned to their customer’s vision. New analytical technologies, social channels (including social media), interactive Web platforms and especially mobility have transformed the customer experience.

To adapt to the changing era, industry has created the role of chief customer officer, or CCO. Currently, there are more than 2,000 chief customer officers in industry, and the numbers are growing.

The federal government has taken heed of industry’s evolving customer engagement strategies in the age of digital disruption. They have recognized the lessons that commercial best practices can provide guidelines for crafting policies and operations that are streamlined, transparent and accountable.

The General Service Administration created 18F, whose mission is to improve the public’s experience with government. The U.S. Digital Service was created and funded “to improve and simplify the digital experience that people and businesses have with their government."  

When we really think about this, it is part of our investment, our taxes, the health and wellbeing of our citizens. Each one of us wants...