DOD can benefit from private-sector cloud experience, say industry execs

The private sector has a lot of experience the Defense Department can exploit to speed efforts to secure computer networks from attack, industry leaders said Sept. 18.

As the Pentagon transitions to a cloud-based environment, private-sector experience in web filtering, identifying new malware, controlling the supply chain and managing the "bring-your-own-device" policy can be adapted for military use, industry executives told the Defense Systems Summit.

A study by the computer security firm Blue Coat found that the average business confronts some 5,000 threats per month, and the number of malicious websites has increased by 240 percent since 2010.

This has caused a shift in attitudes toward an emphasis on security over privacy, as clients realize that it's easier for security firms to block attacks if they have detailed information about which sites are being visited -- something people had been reluctant to share in the past, said Chris Larsen, leader of the malware research team at Blue Coat. "The more of your data I can see, the safer I can keep you," he said.

Cloud computing also allows system administrators to push web filtering, anti-malware and antivirus defenses to the edges of their networks, said Mike Wilkerson, a senior director for public-sector sales engineering at VMware, which specializes in cloud infrastructure. "We're taking a huge evolutionary step" toward better control of access points, he said.

These security measures can be built into a system as it is set up, added Duke Butler, principal systems architect for Brocade. "Shoehorning security on the back end of an operation is a bit harder than doing it upfront," he said. "We're very focused on securing the target."

Technology also exists in the commercial market to help safely integrate individual devices into the military network, such as software that can wipe a device clean if it's lost, or stolen, Susie Adams, chief technology officer for Microsoft's federal government business. "It's really about the device, the data on the device and the user that accesses the data on the device," she said.

 

About the Author

Charles Hoskinson is a contributing writer for Defense Systems.

Reader Comments

Thu, Sep 20, 2012

Regarding "It's really about the device, the data on the device and the user that accesses the data on the device," agreed we really should be looking at new ways of addressing the problem. This includes reduce the attack surface, using verified boot, not allowing any executables, limiting storing of sensitive data locally where it has been the most venerable historically, and using proven advance sandboxing techniques to better protect systems and data. Users should not worry at all about all this stuff. Persistent malware should not be allowed to exist on their devices just because they visited a website or opened an email attachment. To benefit from true commercial cloud computing capabilities and security advances, administrators should no longer have to push patches onsite trying to keep up, especially on certain Tuesdays every month. There needs to be a better model. The current one is clearly not working and is too costly, especially for O&M, in an era of constrained DoD budgets.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above