by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2013
that protect from data breaches while also ensuring control of the data. QCybersecurity experts increasingly talk about the importance of situational awareness. What does this mean in the context of cybersecurity? What goes into developing situational awareness? ASituational awareness in general deals with environmental variables related to time and space. As an example, think of Y2K. There is the potential for attackers to exploit a weakness in a computer system or a particular organization during a speci c timeframe. In cybersecurity, situational awareness relies on security best practices being baked into an agency s daily operations. That means being prepared, as well as having very good real-time security intelligence. There are a number of vendors that provide security intelligence through logging and reports, allowing agencies to make solid decisions in defending against cyber attacks. It is prudent to look at technology solutions that protect sensitive data no matter where it lives, as point solutions by their very nature provide only limited visibility. Once you ve got that base infrastructure to work with, then it s about getting data that s relevant to the situation in question. This fundamental approach to data security allows organizations to protect what matters. QWhat is being done to spur the development of cybersecurity innovation? What are some of the areas of research that appear to be most promising? AWe ve already talked about APTs. That might seem like it s a little bit in the rearview mirror, but it s not --- there is a lot happening there, a great deal of research is going into how we can prevent these attacks from occurring. There s also a lot of innovation happening in the area of encryption and key management technology. If we really can focus on the data, which could be in a le, in a database, or in an application, and apply the appropriate policies to that data -- no matter where it resides -- we will take quite a large leap forward in how we protect sensitive information. We are also seeing signi cant innovation in security solutions that enable agencies to con dently transition to the cloud while still leveraging many of their traditional infrastructure investments. Lastly, we re seeing quite advanced data security offerings that do not sacri ce application performance or create additional management complexity. QMany experts continue to worry about the long- term development of the cybersecurity workforce in the federal space. What is being done to address these concerns? AIn the last four or ve years, I have seen a lot more interest in being able to leverage commercial off-the- shelf (COTS) products and services. What if you could implement a COTS version of smart cards in a secret or top-secret environment? Not starting from scratch is really the notion here. I ve talked to several people in government who are trying to take advantage of things like Amazon Web Services or any other leading cloud infrastructure provider. Amazon has that incredible scale, and they don t want to build out that whole infrastructure again. They can use Amazon to get 80 or 90 percent of the way, and then apply the speci cs for their government agency. The cloud security vendors have sophisticated enough solutions to provide the required security for data in both public and private clouds. It s really about relying on commercial organizations to get them most of the way there, and freeing up their own workforce and resources to focus on what they really need to worry about. The public and private-sector should continue to collaboratively work on information sharing and risk management, and promote cybersecurity awareness. In the end, it s about providing a high degree of control and sophistication in an elegant manner to protect the sensitive data that matters. For Vormetric, that s data security simpli ed!