Internet Security

FedRAMP’s Security Standards for Sensitive Data in the Cloud

Security is very important in cloud computing.

Security has always been an issue when it comes to cloud computing. It seems that naysayers are contending that if you get onto the cloud, your data will be at risk. However, security on the cloud has been beefed up over the years and even the Federal government is trusting putting sensitive information on the cloud now.

It begs the question: What does the federal government use to secure their data? We can get answers by taking a look at the draft security standards prepared by the Federal Risk and Authorization Management Program.

The new standards have one purpose: to protect the most sensitive unclassified data that the government keeps in cloud computing platforms. These are high-impact systems residing in the cloud, and the logical continuation to the government’s efforts to secure low and moderate impact systems. The security document would be a good start to see how disrupted systems would affect organizations, their operations and their assets.

High impact systems are those that are needed to support various agencies’ operations continuity including cyber critical infrastructure and other key resources.

The draft is FedRAMP’s first try and is the product of months of hard work. The team also worked with a variety of agencies to come up with the proposed requirements, including Defense, Homeland Security, Health and Human Services, Justice and Veterans Affairs. These departments are responsible for around 75 per cent of all high impact systems in the government. The requirements are based on the National Institute of Standards and Technology Special Publication 800-53, Revision 4.

Officials of Federal Risk and Authorization Management Program are now seeking comment on the proposal before the proposal is finalized at the end of this year. The initial call for comment would be for 45 days from the draft’s release on January 27. The second draft will then be released for another round of public comments before the final version is released, hopefully before 2015 ends.

Evolving

The draft and the subsequent final version will be the most comprehensive, rigorous and stringent set of cloud security standards, the FedRAMP says that the standards will continue to evolve. The current set of standards took its cue from final versions of standards for low baseline and moderate baseline systems as well as the FedRAMP controls launched in June 2014.

The proposed guidelines would be very important. This is the first document to give the industry a way to clarify how to implement security requirements for their systems. It also explains why certain security standards were chosen and why others were not. The high level of detail should spark conversations wherein the public and other stakeholders can point out which standards are missing and which are not necessary, along with a explanation for their opinions.   The public might also be able to give cost saving alternatives that would help agencies cut costs while achieving similar security outcomes.

If you do not want to wait and you want to fully secure your cloud deployments, call Four Cornerstone at 1 (817) 377 1144 today.

Four Cornerstone provides Oracle consulting in Dallas, helping you get the best in class Oracle products and software that helps you get on and take advantage of the cloud.

Photo by Chris Potter.

Uncategorized

Security Trends For 2024: SBOMs

A recent article on Forbes, linked below, lists five security trends that are likely to be important in 2024. Of course, AI-related security topics top...

Keep Reading

Uncategorized

Getting started with your first…

Anyone looking at writing their first Generative AI application should read this to save time. In June 2023, Google Cloud published a useful blog post,...

Keep Reading

Uncategorized

Read-Write and Read-Only query splitting…

Optimize the usage of the standby (secondary) read-only MySQL InnoDB Cluster servers by automatically and transparently distributing read-queries to them. A great feature in MySQL...

Keep Reading

Uncategorized

Considering Cloud Diversification?

Moving an enterprise to a Public Cloud can quickly feel like moving into a locked-in relationship with the Cloud vendor. One solution to diminish this...

Keep Reading

Uncategorized

Gartner: Global cloud consumption will…

Gartner forecasts that 2024 will see a 20% global cloud consumption increase from 2023 to $679B, while 2023 has seen an 18% increase from 2022...

Keep Reading

Uncategorized

ByteDance: Use AI for tuning…

ZDNet is reporting that a ByteDance (the maker of TikTok) Linux kernel developer has proposed to implement AI to tune the performance of Linux systems...

Keep Reading

AI Governance

What is AI TRiSM?

If reading now about AI TRiSM for the first time, it might be good read on and learn what it’s about because it leads the...

Keep Reading

Cloud Blog

4 Ways To Benefit from…

One of the benefits you get when you work with cloud applications is that you often have quarterly updates that are packed with features. This...

Keep Reading

Artificial Intelligence

Data and Analytics: Cross the…

  Artificial intelligence is a manna sent from digital heaven. That’s how blessed your business can get if you immerse into the AI of things....

Keep Reading

Business Intelligence Blog

How Brand Names Survive in…

  The age of digital marketplace has made it possible for unknown and smaller companies to compete with better-known and well-established brands. Take for example...

Keep Reading

Live Chat | Emergency