Parham Eftekhari

Abstract:  Creating trust with your vendor is a lot like dating: it takes time, communication, and above all knowing what you want.

A relationship with a Cloud vendor built on a foundation of trust is a critical component to a mutually beneficial engagement for both parties.  While programs like FedRAMP and countless other initiatives in the federal government have given incredible guidance & resources on how to select the right Cloud vendor (see the link to my PowerPoint presentation for more details on this), many still struggle with taking these recommendations and incorporating them into the vendor selection process.  In order to help ‘humanize’ the process and make it more relatable, I like to compare the process to dating.   A stretch?  You be the judge:


Jessica T Pohlonski

The federal bring-your-own-device (BYOD) strategy, a component of the federal digital strategy, is rapidly gaining ground. Having proven to increase efficiency and effectiveness, this movement, although not a mandate or policy, promises to be widely adopted at the federal level. In fact, a recent Forrester Consulting study indicates that 44% of employees now use smart phones at work; this is a 300% increase over the past three years. But despite its many benefits, this newly adopted ‘plan’, which allows for remote access to such things as the cloud and sensitive data, is causing tremendous security concerns among federal CISOs.  And as a result, we are now witnessing the need for a comprehensive BYOD security strategy that is multi-pronged in nature.

GTRA research with dozens of Federal IT leaders has identified three specific technologies which are at the core of a holistic approach to a mobile BYOD security strategy – MDM, NAC, and MAM – and will result in a truly secure BYOD environment.


Jessica T Pohlonski

Who said that securing our Federal IT supply chain was an impossibility? No one. But many -- from NASA to NIST -- are noting the tremendous challenges associated with such a feat.

The innovative and global nature of today’s IT environment, with its accelerated speed and vast scale, results in a very complex and diverse supply chain. This, coupled with the en-vogue purchasing of Commercial off-the-shelf (COTS) hardware and software makes the visibility and detectability of threats in the supply chain extremely difficult. The value chains alone in this process of creating and delivering a product/service can be up to 15 times removed from a department/agency. So the struggle doesn’t lie with understanding the primary contractor, it’s in knowing the end-to-end supply chain, with its endless contractors and subcontractors, and knowing exactly who along the way, ‘touches’ the product/service.


Parham Eftekhari

Abstract: As the Federal IT community moves deeper into the outsourced model, a CIO and their CISO’s security strategy must increasingly focus on contracts and supply chain management in order to mitigate their risk as buyers of commodity services

As the Federal IT community moves deeper into an outsourced model where applications, storage, networks, and services are procured from a myriad of providers and data is stored in a web of clouds and devices, the Federal IT Ecosystem has never been more complex. As a result of this decentralization, the threat of breaches and hacks has grown exponentially and CIOs are finding themselves with less control and reliant upon service providers who they must “trust” with security… a scary scenario for any executive to say the least. While the benefits and logic of this paradigm shift cannot be disputed, the priority of CIOs and their CISOs must now be on what they can do to mitigate their risk as buyers of what are increasingly becoming commodity services.


Parham Eftekhari

GTRA would like to highlight a Memo from the VA CIO on “Open Standard Protocols for VA Networks”, which marks an important shift in the agency’s strategy and shows its commitment to innovative uses of technology to support our nation's veterans while navigating today's fiscal climate.

 


Parham Eftekhari

With Keynote speakers from the CIOs of Energy and EPA, Defense Executives from the DCMO and DoD OCIO, and dozens of other C-level executives speaking and collaborating on how to build a more efficient government, this year's GTRA Council Meeting was unanimously deemed a huge success. Here is a high-level recap of some of the main takeaways participants learned at this year's meeting:

  • Efficiency Is a Team Sport:  While IT is one of the key enablers of achieving cost and productivity efficiency, make no mistake that true success requires the IT community to engage business leaders, system owners, end users and privacy offices to ensure success.  It takes effort and sometimes a change in culture, but make no mistake that this is critical to your success.

  • Mobility is Not a Strategy... it is the Norm:  Although wide scale mobile deployments are just now being realized in the government, executives must understand that the new generation of workers and citizens views mobility as a basic need, not a luxury.  This means that applications, systems and processes should be built first for mobile devices and then for the desktop environment.  Don't use security as an excuse to become a mobile organization.

  • Manage your Cloud Vendor - Don't let them Manage You:  Security in the Cloud starts with a trust-based relationship between you and your vendor.  Don't be afraid to demand access to security logs and incident reports in your contract and make sure contracts and SLAs are as detailed as possible.  The "Trust but Validate" model is the way to go to ensure your data, systems and networks are secure and your vendors are holding up their end of the bargain.

  • Security is our Frienemy:  Security is still the number one concern of executives who are deploying efficiency-achieving strategies like cloud, shared services, and mobility (and rightfully so!).  The good news is that with smart architecture, good contracts, and the right technologies, modernization can actually improve our security posture.  The secret ingredient here is time; do not rush into a deployment just to check off a box to show how cutting-edge you are.  Collaborate with internal and external leaders to map out all possible scenarios and plan for scalable, long-term solutions to ensure that the work we do today can grow and remain secure for years to come.

  • Make Sure You Know your Portfolio Before You Try to Modernize it:  Using existing tools and new technologies to get a grasp on your enterprise assets is the foundation on which efficiency efforts must begin.  We've begun to see EA and portfolio management become more and more of a priority for CIOs/CTOs as they begin to realize the power these strategies have in giving them visibility over their organization's assets.

The full Research Brief on the event is due to be published in a few weeks and will dive into greater detail on all these topics.  In the meantime, please check out the meeting website for post-event content, coverage and resources.  Thanks to all who supported us this year and we look forward to seeing you at our December 2 - 4, 2012 SecureGOV Council Meeting!


Parham Eftekhari

 

Summary: Despite high-profile media stories and even some arrests, a new study shows large numbers of people are still unaware that webcams can be hacked and used to spy on you! This statistic points to a more important problem where society is still not taking cyber security risks seriously… but what can we do to change that? 


Parham Eftekhari

Why the time is right for a massive network upgrade 


Parham Eftekhari

A real-time snapshot of the most frequently made comments by federal IT executives, some of which may come as a surprise. 

Parham Eftekhari

As I tweeted back in December 2011, Big Data is well on its way to becoming the buzz of 2012. Here is a quick 101 to get you up-to-speed!
