by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : January 2015
Of course, the essential requirement for delivering new cloud, big data and mo- bile data services will be tougher security technologies and practices. In 2015, two powerful trends will shape the govern- ment cybersecurity agenda, say security experts. First, cybersecurity will increasingly be baked into platforms and software be- ing acquired and developed by agencies. This means that perimeter defenses – al- ready abandoned to the realm of what is necessary but inadequate – will receive less attention as cybersecurity becomes more integrated into the government in- frastructure. Second, cybersecurity will no longer be considered the exclusive domain of the CISO or the CSO. Instead, it will become a professional requirement for everyone responsible for IT services to the agency. “As a security vendor, we are ending up in conversations with the IT shop,” rather than just the security shop, said Ken Ammon, chief strategy officer for Xceedium, an identity management company. “Next year will be the year of convergence.” That outlook is backed up by a report by the National Association of State Chief Information Officers and consulting firm Deloitte that found as CISO responsi- bilities evolve to include risk and com- pliance, many CISOs are also becoming accountable to a range of other areas. “CIOs and state leaders need to consider creative ways of allocating and managing these expanding responsibilities,” said NACIO. The upshot: The new year will see an increased blending of security and opera- tions in IT. Meanwhile, the threats facing agencies are becoming more complex and seri- ous, continuing a multiyear trend toward stealthy, long-term attacks that are dis- covered only long after the damage has been done. The average time to discover a breach is now about 250 days, and most are discovered by a third party rather than by the victim, said Rob Roy, federal CTO for HP Enterprise Security Products. As these breaches are discovered, it is becoming clear that the human factor in security requires more attention to threats such as spearphishing and other forms of social engineering, which now are common vectors for malware. This problem is highlighted by the most recent Federal Employee Viewpoint Survey, which shows growing disengage- ment and dissatisfaction among govern- ment employees. The global satisfaction index was flat at a disappointing 59 per- cent for 2013, and IT specialists scored lowest on employee engagement and sat- isfaction. “It shouldn’t be a surprise when you see survey results like this,” Paul Christ- man, public sector vice president at Dell Software, said of the growing role of hu- mans in IT breaches. Cybersecurity re- quires a holistic approach that includes cost-effective training both for IT special- ists and for end users. CLOUD SECURITY The government’s security travails will also have an impact on demand for new tools and agency IT acquisition decisions. While the adoption of cloud comput- ing will continue to expand in 2015, the benefits of the hybrid cloud model – a combination of secure private cloud for sensitive data and critical functions and a more f lexible and economical public cloud for citizen-facing information – could be more attractive as administra- tors balance f lexibility with security. According to a pair of recent reports on cloud computing, improved security is a primary reason for moving to the cloud, with nearly two thirds of govern- ment respondents in a survey commis- sioned by General Dynamics Information Technology citing secure infrastructure as a top benefit. At a same time, a study by SafeNet found that IT security profes- sionals feel they are losing control of data in the cloud. These apparently conflicting results show that securing the cloud is possible and practical, but that greater empha- sis is needed on governance and estab- lishing policies for using and managing cloud computing. “There is no doubt” that use of everything the cloud has to offer will continue to expand, said SafeNet CSO Tsion Gonen. “That is not surprising.” However, to enable this continued up- take, cloud providers will develop better solutions for separated cloud functions, allowing better segregation of the man- agement of infrastructure and control of data. This will include a separate layer of cryptography managed exclusively by the cloud user to give more complete custody of data. “All cloud providers have or will offer this,” Gonen said. And while some experts see hybrid cloud solutions as a way to provide the necessary level of control necessar y to se- cure these more sophisticated functions, not everyone agrees. “ You hear a lot about hybrid cloud,” said Damian Whitham, senior director of cloud computing solutions and General Dynamics IT. But so far there has been little practical implementation of it. Gov- ernment has focused primarily on the pri- vate cloud, with some public cloud use, with only 27 percent of agencies using a hybrid model. “They are tr ying to crack the code of implementing it,” Whitham said. With much of the low-hanging fruit of cloud computing now gathered, agencies will be paying more attention to how to match business objectives with cloud of- ferings to achieve their goals of reducing IT costs, becoming more f lexible and ef- ficient, reducing their carbon footprints and ensuring the security and privacy of data. “ We need to get more stakeholders involved,” Whitham said. “Including the operational side, not just IT.” – William Jackson 2015 TECH FORECAST 30 GCN SEPTEMBER 2014 • GCN.COM 30 GCN JANUARY 2015 • GCN.COM cloud deployments, letting the ISP do the work in maintenance and updates,” he said. “And lot of organizations that first went with purchase of on-premise [apps and data] have switched to cloud.” – Patrick Marshall In 2015, a blending of IT security and operations 0115gcn_022-030.indd 30 1/13/15 11:36 AM
November and December 2014