Secure Cloud SolutionsOpen Government Forum

Abu Dhabi28-30 April 2014

Karl Chambers CISSP PMPPresident/CEO

Diligent eSecurity International

The e-Government Challenge

Securely delivering high-quality digital government information and services utilizing cloud IT solutions: • Anywhere• Anytime• On any device

Three Key Principles to a Secure Cloud Solution

• Design and Build it Securely• Operate it Securely• Always Encrypted Data

Design and Build it Securely Using• Cloud Risk Management Framework

(CRMF)• Federal Risk and Authorization

Management Program (FedRAMP)

Design and Build it Securely Using

• Cloud Risk Management Framework (CRMF)Step 1:Categorize the Cloud SolutionStep 2: Identify Security Controls to Protect the Cloud SolutionStep 3: Implement the Selected Security Controls in the Cloud Security ArchitectureStep 4: Assess the Security Controls of the Cloud Solution using the FedRAMP processStep 5: Authorize the use of the Cloud SolutionStep 6: Monitor the Cloud Solution Continually

Design and Build it Securely Using

• Federal Risk and Authorization Management Program (FedRAMP)

Three Key Principles to a Secure Cloud Solution

• Design and Build it Securely

•Operate it Securely• Always Encrypted Data

Operate it Securely Using Automated Continuous Security Monitoring • Automated Continuous Security Monitoring is a risk

management approach to Cybersecurity that:• Maintains a picture of an organization’s security posture• Provides continuous visibility into information assets• Leverages use of automated data feeds and data

analytics• Monitors effectiveness of security controls• Enable prioritization of remedies.

Automated Continuous Security Monitoring (ACSM) Case Study – US Department of State• ACSM Tool: Analytics and Continuous monitoring Engine (ACE) solution from Virtustream• ACE receives and analyzes continuous inputs from:

• Asset Management• Vulnerability Scanners• Patch Management• Event Management• Incident Management• Malware Detection• Configuration Management• Network Management • License Management • Information Management• Software Management

• ACE provides continuous risk updates to management dashboard.

Three Key Principles to a Secure Cloud Solution

• Design and Build it Securely• Operate it Securely

•Always Encrypted Data

Always Encrypted Data • In transit between systems and locations • Stored in the cloud

QuestionsKarl Chambers PMP CISSP

President/CEODiligent eSecurity International, Inc.

1954 Airport RoadSuite 233

Atlanta, Ga 30341Karl.chambers@desintl.com

01-678-591-7764