Lee Neely

Lee Neely is a senior IT and security professional at LLNL with over 30 years of extensive experience with a wide variety of technology and applications, from point implementations to enterprise solutions. He currently leads LLNL’s Entrust team and is the CSP lead for new technology adoption, specializing in mobility. He teaches cyber security courses and holds several security certifications, including GMOB, GPEN, GWAPT, GAWN, CISSP, CISA, CISM and CRISC. He is also the past President of the ISC2 Eastbay Chapter, a member of the SANS NewsBites Editorial Board, and a SANS Analyst. You can keep up with Lee at @lelandneely and http://www.linkedin.com/in/leeneely/

Moving to the Cloud – it’s a FedRAMP world… or is it?

Since 2011, DHS has said Cloud First in an effort to drive cloud adoption. Now that directive has changed to Cloud Smart to accelerate cloud use in the federal government, which results in multiple initiatives to move services to cloud-based solutions. As part of that, you need policies and processes to collect and categorize information about both the service and the data to be processed by that service, standard contract language, and the standardized practices and solutions necessary to meet or exceed controls.

I will be discussing the nitty-gritty of working in an accelerated push to the cloud: some of the big hurdles that apply to commercial as well as public sector entities, and the reality of working within the frameworks provided by OMB Max, NIST and PMOs. I will also cover mandated controls such as a Trusted Internet Connection (TIC), using PIV for authentication, endpoints running in FIPS mode, integration with identity management systems, and federated authentication.
Integration with the business processes needs to include not only back-end systems but also operational controls, from access and privilege management to incident response, security operations center and possibly forensics capabilities.

Attendees should come away with some ideas on ways to improve their cloud readiness, as well as some pitfalls to avoid, so that a rapid migration to the cloud can be carried out successfully and securely. They should also understand the benefits and pitfalls of FedRAMP versus commercial cloud offerings and a “right to audit” clause.