The Myth of Cloud Insecurity

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

Telos Corporation CEO and Chairman of the Board John Wood addresses cloud security in his new guest blog. Wood will be moderating the State of Cloud Security and Compliance panel at the Capital Cybersecurity Summit on Nov. 14-15 at The Ritz-Carlton, Tysons Corner.


John-WoodIt’s not exactly clear when the term “cloud” was first used to describe shared pools for configurable IT resources. However, it’s safe to say that it started creeping into our lexicon less than ten years ago.

Back then, the official definition of cloud was even less clear than it is today. Regardless of what the cloud actually was, this mysterious cloud entity was widely assumed to be unsafe.

That said, even from the beginning, I saw that the cloud offered many security advantages, especially to smaller companies that couldn’t afford to make infrastructure investments and hire many highly-skilled staff to manage complex IT systems in their own on-premises data centers. Still, doubts about cloud security swirled.

But in 2014, a crazy thing happened. Defying conventional wisdom, the CIA, arguably the most security conscious organization in the world, announced their plan to work with Amazon Web Services (AWS) to adopt commercial cloud services. Shortly thereafter, C2S was born.

Even though countless other agencies had already adopted the cloud by 2014 – the CIA and C2S gave the cloud instant credibility. It made federal agencies and highly-regulated commercial organizations realize that if cloud technology is good enough, and secure enough for the CIA, then it must be secure enough for them. Granted, the C2S is an isolated environment, it was noteworthy that CIA made the often trumpeted “cloud first” policy a reality.

AWS recognized early on that security was important to ensure continued, widespread adoption of cloud services. For this purpose they introduced a shared responsibility model to help explain the security benefits you derive simply by hosting your workloads within AWS. Under this model, the customer is responsible for security in the cloud, and AWS is responsible for security of the cloud.

Not only does this shared responsibility model help address a number of security questions, especially in the areas of infrastructure and physical security, it also helps clients demonstrate compliance requirements more quickly and efficiently, because they can inherit results directly from AWS.

AWS certainly isn’t the only cloud service provider (CSP) in the game – Azure and Google also understand how important the message of cloud security and compliance is to drive further cloud adoption.

Despite all of this it is essential for organizations to understand the potential security pitfalls of cloud adoption. It’s essential to know where your cloud service provider responsibility stops and customer responsibility starts. There have been a number of recent breaches resulting from unsecured cloud-based database deployments. Customers need to understand, and take seriously, their responsibility in protecting their systems, their applications and their data.

The cloud has come a long way over the last ten years. Much progress has been made to enhance security and promote these security and compliance benefits. However, there is still work to be done to address lingering security concerns, questions and perceptions to help drive even broader adoption of cloud services.

If you’d like to hear what CSPs have to say about the myth of cloud insecurity, join me on Wednesday, November 15 at NVTC’s Capital Cybersecurity Summit. I will be moderating a panel that will discuss the current state of cloud security and compliance, featuring prominent voices from the big three cloud providers: Google, Microsoft and AWS. I hope to see you there!

Share and Enjoy


FacebookTwitterDeliciousLinkedInStumbleUponAdd to favoritesEmailRSS

from http://ift.tt/2iR1aAR

Northern Virginia Digital Marketing Agency

Advertisements

The Myth of Cloud Insecurity

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

Telos Corporation CEO and Chairman of the Board John Wood addresses cloud security in his new guest blog. Wood will be moderating the State of Cloud Security and Compliance panel at the Capital Cybersecurity Summit on Nov. 14-15 at The Ritz-Carlton, Tysons Corner.


John-WoodIt’s not exactly clear when the term “cloud” was first used to describe shared pools for configurable IT resources. However, it’s safe to say that it started creeping into our lexicon less than ten years ago.

Back then, the official definition of cloud was even less clear than it is today. Regardless of what the cloud actually was, this mysterious cloud entity was widely assumed to be unsafe.

That said, even from the beginning, I saw that the cloud offered many security advantages, especially to smaller companies that couldn’t afford to make infrastructure investments and hire many highly-skilled staff to manage complex IT systems in their own on-premises data centers. Still, doubts about cloud security swirled.

But in 2014, a crazy thing happened. Defying conventional wisdom, the CIA, arguably the most security conscious organization in the world, announced their plan to work with Amazon Web Services (AWS) to adopt commercial cloud services. Shortly thereafter, C2S was born.

Even though countless other agencies had already adopted the cloud by 2014 – the CIA and C2S gave the cloud instant credibility. It made federal agencies and highly-regulated commercial organizations realize that if cloud technology is good enough, and secure enough for the CIA, then it must be secure enough for them. Granted, the C2S is an isolated environment, it was noteworthy that CIA made the often trumpeted “cloud first” policy a reality.

AWS recognized early on that security was important to ensure continued, widespread adoption of cloud services. For this purpose they introduced a shared responsibility model to help explain the security benefits you derive simply by hosting your workloads within AWS. Under this model, the customer is responsible for security in the cloud, and AWS is responsible for security of the cloud.

Not only does this shared responsibility model help address a number of security questions, especially in the areas of infrastructure and physical security, it also helps clients demonstrate compliance requirements more quickly and efficiently, because they can inherit results directly from AWS.

AWS certainly isn’t the only cloud service provider (CSP) in the game – Azure and Google also understand how important the message of cloud security and compliance is to drive further cloud adoption.

Despite all of this it is essential for organizations to understand the potential security pitfalls of cloud adoption. It’s essential to know where your cloud service provider responsibility stops and customer responsibility starts. There have been a number of recent breaches resulting from unsecured cloud-based database deployments. Customers need to understand, and take seriously, their responsibility in protecting their systems, their applications and their data.

The cloud has come a long way over the last ten years. Much progress has been made to enhance security and promote these security and compliance benefits. However, there is still work to be done to address lingering security concerns, questions and perceptions to help drive even broader adoption of cloud services.

If you’d like to hear what CSPs have to say about the myth of cloud insecurity, join me on Wednesday, November 15 at NVTC’s Capital Cybersecurity Summit. I will be moderating a panel that will discuss the current state of cloud security and compliance, featuring prominent voices from the big three cloud providers: Google, Microsoft and AWS. I hope to see you there!

Share and Enjoy


FacebookTwitterDeliciousLinkedInStumbleUponAdd to favoritesEmailRSS

from http://ift.tt/2iR1aAR

Northern Virginia Digital Marketing Agency

Preliminary report cites confusion, ignored warnings in Charlottesville unrest

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

WASHINGTON — A preliminary report says Charlottesville officials did not apply recommendations from Virginia State Police and emergency officials, “including industry best practices for handling violent events,” before and during the deadly violence at an Aug. 12 white supremacist rally.

The state’s progress report was presented to Gov. Terry McAuliffe’s Task Force on Public Safety Preparedness and Response to Civil Unrest on Thursday. The International Association of Chiefs of Police is assisting in compiling the state’s after-action review.

According to the preliminary report, Charlottesville officials did not implement many recommendations after the Virginia Fusion Center concluded “that participants were planning to be aggressive/violent,” and despite state analysts’ “concerns of mass casualty event, including (a) car attack.”

Counter-protester Heather Heyer was killed when a car, allegedly driven by white nationalist James Alex Fields, plowed into people opposing the “Unite The Right” march. Fields is charged with second-degree-murder, hit and run, and several counts of malicious wounding.

“There were multiple command posts, leading to a lack of good quality information flow across agencies, disciplines and policy makers,” according to the report. “The full capacity of VDEM was underutilized. The regional Incident Management Team was not activated until 3 days prior to the event.”

Before future events, the state report recommends tabletop training exercises involving all agencies, rather than each agency solely practicing for its own duties.

Another after-action report, requested and paid for by the city of Charlottesville, is being headed by former federal prosecutor Tim Heaphy.

“We do not anticipate releasing any interim report or preliminary findings,” said Heaphy, in an email. “We intend to complete our review and issue a fulsome account of the several protest events, and make recommendations for improved handling of such events in the future.”

Heaphy said his report will be completed by the end of the year.

WTOP is seeking comment from Charlottesville officials about the conclusions and recommendations in the state’s progress report.

The post Preliminary report cites confusion, ignored warnings in Charlottesville unrest appeared first on WTOP.

from http://ift.tt/2iNkYVR

Digital Marketing Agency in Northern Virginia

2017 Cybersecurity SitRep: The Human Element Remains the Greatest Threat

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

National security is now the number one security concern for Americans, according to the recently-released global 2017 Unisys Security Index, replacing financial security as the top fear from the 2014 survey. Americans’ concerns about internet security, specifically viruses and hacking, rose most dramatically over the last three years, coming in as the number two security concern in this year’s index.

In a world more interconnected by technology than ever, the cyber threat landscape has never been more daunting. Alarmingly, one in three website visitors last year were attack bots and over 94 percent of 100,000 websites analyzed over a 90-day survey period experienced at least one bot attack, according to Imperva’s Bot Traffic Report 2016. Companies and agencies at the frontline of protecting the country and consumers from cyber-attack face countless challenges beyond the cybersecurity threats themselves.

2017 Cybersecurity Infographic v102317

NVTC 2017 Cybersecurity SitRep

NVTC’s newest infographic provides an updated look into NVTC members’ cybersecurity hiring and resource allocation trends while reiterating the key takeaway of last year’s cyber infographic: The human element exposes us to the greatest cyber risk, from cyber talent to employee training to insider threats.

Acquiring top cyber talent remains a priority to NVTC members, with 50 percent reporting they will hire cyber professionals over the next 12 months, a five percent decrease from last year. Employee training is the single greatest focus for our members with 50 percent reporting it as their greatest cyber resource allocation, while 42 percent are targeting a technical solution first. The human element – both human error and insider threats – was acknowledged as the greatest cyber threat facing the country today.

Cybersecurity Talent Gap Continues to Widen in 2017

Organizations are experiencing tremendous difficulties filling cybersecurity positions and retaining skilled talent in these positions. By 2022, it is predicted there will be a shortfall of 1.8 million cybersecurity professionals in the U.S. In Greater Washington alone, there are over 44,000 open cybersecurity positions.

The 50 percent of NVTC members reporting cyber hiring needs are in stiff competition to attract the cyber talent with the experience, skills and certifications they require to be competitive in today’s marketplace. Local tech employers are looking for creative ways to engage new talent pools to fill their cyber workforces, using models such as NVTC’s own Tech Talent Employer Collective, which uses the U.S. Chamber of Commerce Foundation’s Talent Pipeline Management methodology to put employers into the driver’s seat, setting the workforce development requirements around shared employer needs.

Cybersecurity Venture Funding In the Region Remains Steady

While it is unlikely we will again see cyber ventures play such an outsized role in venture funding such as in 2015 when 46 percent of all funding went to cybersecurity services and products, a steady stream of cyber venture funding continues in Greater Washington, with $210 million collected in calendar year 2016 and $173.2 million from Q4 2016 through Q3 2017.

This support network, including incubators and innovators from MACH37 to In-Q-Tel to CYBERCOM at Ft. Meade, enables a community with innovation capacity and the agility to rapidly evolve to meet the ever-growing cyber threat.

Evolving Cyber Threat Vectors

Internet crimes reported to the FBI’s Internet Crime Complaint Center (IC3) in 2016 represented more than $1.3 billion in losses. Those nearly 300,000 reported crimes are only estimated to be 15 percent of all internet crimes that took place. This year’s numbers so far show that things continue to rise – distributed denial of service (DDoS) attacks alone showed a 380 percent increase in Q1 2017 over Q1 2016.

Even with the rise of more sophisticated bot attacks and ransomware, 63 percent of NVTC members rank the human element as the cyber threat requiring their greatest focus. A recent study on email threats estimates that one in four emails appearing to come from a dot-gov domain is a phishing attempt and three out of four organizations reported being the victim of a phishing attack in 2016.

The threat landscape seems even more ominous when you add in the increasing sophistication of the methods used in spear phishing, a more targeted attack that often spoofs more realistic identities known to the victim; the days of being asked to help move royal gold reserves out of Africa are being replaced by seemingly innocuous requests from “Randy in accounting” to take a look at an attached spreadsheet. Despite this increasing threat, progress is being made through awareness and training programs teaching how to stay secure and safe in the current environment, an approach being adopted by all industry sectors, not just IT.

Community Threats Need a Community Response

We are lucky to reside in the nation’s cyber capital, where the resources and environment support cyber innovation and where the nation’s most qualified cyber workforce lives and works. Perhaps Greater Washington’s biggest advantage in cybersecurity is the collaboration happening in the region. Each day stakeholders from the private, public, incubator and academic communities come together to work on the biggest cyber threats.

To deepen cyber collaboration in the region, NVTC will be hosting the second annual Capital Cybersecurity Summit on November 14-15, 2017 at The Ritz-Carlton, Tysons Corner. At the Summit, the nation’s cyber leaders will share their unique insights and best practices into topics such as attracting top cyber talent, cloud security, cyber risk management, strengthening cybersecurity through public-private partnerships and more. Attendees will have unmatched networking opportunities to discuss their latest innovations and the cyber challenges they face. Get the latest Summit agenda here.

View NVTC’s 2017 cybersecurity infographic at http://ift.tt/2z6iqbv

Share and Enjoy


FacebookTwitterDeliciousLinkedInStumbleUponAdd to favoritesEmailRSS

from http://ift.tt/2z6isjD

Northern Virginia Digital Marketing Agency

2017 Cybersecurity SitRep: The Human Element Remains the Greatest Threat

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

National security is now the number one security concern for Americans, according to the recently-released global 2017 Unisys Security Index, replacing financial security as the top fear from the 2014 survey. Americans’ concerns about internet security, specifically viruses and hacking, rose most dramatically over the last three years, coming in as the number two security concern in this year’s index.

In a world more interconnected by technology than ever, the cyber threat landscape has never been more daunting. Alarmingly, one in three website visitors last year were attack bots and over 94 percent of 100,000 websites analyzed over a 90-day survey period experienced at least one bot attack, according to Imperva’s Bot Traffic Report 2016. Companies and agencies at the frontline of protecting the country and consumers from cyber-attack face countless challenges beyond the cybersecurity threats themselves.

2017 Cybersecurity Infographic v102317

NVTC 2017 Cybersecurity SitRep

NVTC’s newest infographic provides an updated look into NVTC members’ cybersecurity hiring and resource allocation trends while reiterating the key takeaway of last year’s cyber infographic: The human element exposes us to the greatest cyber risk, from cyber talent to employee training to insider threats.

Acquiring top cyber talent remains a priority to NVTC members, with 50 percent reporting they will hire cyber professionals over the next 12 months, a five percent decrease from last year. Employee training is the single greatest focus for our members with 50 percent reporting it as their greatest cyber resource allocation, while 42 percent are targeting a technical solution first. The human element – both human error and insider threats – was acknowledged as the greatest cyber threat facing the country today.

Cybersecurity Talent Gap Continues to Widen in 2017

Organizations are experiencing tremendous difficulties filling cybersecurity positions and retaining skilled talent in these positions. By 2022, it is predicted there will be a shortfall of 1.8 million cybersecurity professionals in the U.S. In Greater Washington alone, there are over 44,000 open cybersecurity positions.

The 50 percent of NVTC members reporting cyber hiring needs are in stiff competition to attract the cyber talent with the experience, skills and certifications they require to be competitive in today’s marketplace. Local tech employers are looking for creative ways to engage new talent pools to fill their cyber workforces, using models such as NVTC’s own Tech Talent Employer Collective, which uses the U.S. Chamber of Commerce Foundation’s Talent Pipeline Management methodology to put employers into the driver’s seat, setting the workforce development requirements around shared employer needs.

Cybersecurity Venture Funding In the Region Remains Steady

While it is unlikely we will again see cyber ventures play such an outsized role in venture funding such as in 2015 when 46 percent of all funding went to cybersecurity services and products, a steady stream of cyber venture funding continues in Greater Washington, with $210 million collected in calendar year 2016 and $173.2 million from Q4 2016 through Q3 2017.

This support network, including incubators and innovators from MACH37 to In-Q-Tel to CYBERCOM at Ft. Meade, enables a community with innovation capacity and the agility to rapidly evolve to meet the ever-growing cyber threat.

Evolving Cyber Threat Vectors

Internet crimes reported to the FBI’s Internet Crime Complaint Center (IC3) in 2016 represented more than $1.3 billion in losses. Those nearly 300,000 reported crimes are only estimated to be 15 percent of all internet crimes that took place. This year’s numbers so far show that things continue to rise – distributed denial of service (DDoS) attacks alone showed a 380 percent increase in Q1 2017 over Q1 2016.

Even with the rise of more sophisticated bot attacks and ransomware, 63 percent of NVTC members rank the human element as the cyber threat requiring their greatest focus. A recent study on email threats estimates that one in four emails appearing to come from a dot-gov domain is a phishing attempt and three out of four organizations reported being the victim of a phishing attack in 2016.

The threat landscape seems even more ominous when you add in the increasing sophistication of the methods used in spear phishing, a more targeted attack that often spoofs more realistic identities known to the victim; the days of being asked to help move royal gold reserves out of Africa are being replaced by seemingly innocuous requests from “Randy in accounting” to take a look at an attached spreadsheet. Despite this increasing threat, progress is being made through awareness and training programs teaching how to stay secure and safe in the current environment, an approach being adopted by all industry sectors, not just IT.

Community Threats Need a Community Response

We are lucky to reside in the nation’s cyber capital, where the resources and environment support cyber innovation and where the nation’s most qualified cyber workforce lives and works. Perhaps Greater Washington’s biggest advantage in cybersecurity is the collaboration happening in the region. Each day stakeholders from the private, public, incubator and academic communities come together to work on the biggest cyber threats.

To deepen cyber collaboration in the region, NVTC will be hosting the second annual Capital Cybersecurity Summit on November 14-15, 2017 at The Ritz-Carlton, Tysons Corner. At the Summit, the nation’s cyber leaders will share their unique insights and best practices into topics such as attracting top cyber talent, cloud security, cyber risk management, strengthening cybersecurity through public-private partnerships and more. Attendees will have unmatched networking opportunities to discuss their latest innovations and the cyber challenges they face. Get the latest Summit agenda here.

View NVTC’s 2017 cybersecurity infographic at http://ift.tt/2z6iqbv

Share and Enjoy


FacebookTwitterDeliciousLinkedInStumbleUponAdd to favoritesEmailRSS

from http://ift.tt/2z6isjD

Northern Virginia Digital Marketing Agency

Northam, Gillespie get record cash before Election Day

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

RICHMOND, Va. (AP) — The two major-party candidates in the nation’s marquee gubernatorial contest are getting record amounts of cash in the final weeks of the campaign.

Campaign finance reports filed late Monday show Republican Ed Gillespie and Democrat Ralph Northam combined to raise more than $20 million between Oct. 1 and Oct. 26 in their race to become Virginia’s governor.

Northam raised $11 million and ended the period with $1.7 million on hand. Gillespie raised $9.7 million and reported $1.4 million in the bank.

The Republican Governors Association and the Democratic Governors Association were the biggest donors, combining to put in about $8 million.

Virginia has the only competitive gubernatorial contest this year, and the campaign is being closely watched for clues about President Donald Trump’s political popularity.

Election Day is Nov. 7.

The post Northam, Gillespie get record cash before Election Day appeared first on WTOP.

from http://ift.tt/2gZiFP5

Digital Marketing Agency in Northern Virginia

Shooting suspect says football player tried to rob him

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

NORFOLK, Va. (AP) — A man charged in the fatal shooting of a Norfolk State University football player told authorities that the victim tried to rob him.

Twenty-two-year-old Jaquan Anderson, a former member of Norfolk State’s football team, is charged with second-degree murder in the Friday shooting of 18-year-old Nicholas Ackies.

Anderson was arraigned on Monday and is being held without bond.

The Virginian-Pilot reports that Anderson told a 911 dispatcher that he shot Ackies after his friend tried to rob him.

The post Shooting suspect says football player tried to rob him appeared first on WTOP.

from http://ift.tt/2z16wjM

Digital Marketing Agency in Northern Virginia

Charges dismissed against several arrested after KKK protest

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

CHARLOTTESVILLE, Va. (AP) — A Virginia judge has dismissed charges against nine counterprotesters arrested during a Ku Klux Klan rally in Charlottesville.

About 50 members of the North Carolina-based Loyal White Knights were met by more than 1,000 protesters when they came to Charlottesville on July 8 to protest the removal of a statue of Confederate Gen. Robert E. Lee.

A month later, white nationalists returned and violence erupted. One counterprotester was killed and two state troopers died when their helicopter crashed.

The defendants who appeared in court Monday were charged during the first protest with obstructing free passage and failing to heed police commands to disperse. Two others pleaded guilty to obstruction of justice and were ordered to perform 40 hours of community service. Three other cases were continued.

The post Charges dismissed against several arrested after KKK protest appeared first on WTOP.

from http://ift.tt/2gX99fc

Digital Marketing Agency in Northern Virginia

Deadline to request absentee ballot in Virginia

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

RICHMOND, Va. (AP) — Tuesday is the last day Virginia voters can ask for an absentee ballot to be mailed to them.

Voters have until 5 p.m. Tuesday to request a ballot for the Nov. 7 election.

Virginia is one of only two states electing a new governor this year. Republican Ed Gillespie, Democrat Ralph Northam and Libertarian Cliff Hyra are vying to replace outgoing Gov. Terry McAuliffe, who cannot seek a second term.

Voters have until Nov. 4 to request an absentee ballot in person. To vote absentee, voters must have a valid reason and in some cases provide supporting information.

Absentee ballots can be requested online at http://ift.tt/1sPskXa

The post Deadline to request absentee ballot in Virginia appeared first on WTOP.

from http://ift.tt/2z16f0e

Digital Marketing Agency in Northern Virginia

Lawmaker preparing bill for marijuana decriminalization

Grow Your Business in Northern Virginia with digital marketing services from The W Agency

RICHMOND, Va. (AP) — A Virginia lawmaker says he’s working on a bill to decriminalize marijuana.

The Virginian-Pilot reported Monday that Senate majority leader Tommy Norment does not support full legalization of the drug. But the Republican said possessing it would be a civil offense subject to a ticket or a fine.

Norment’s comments followed the release of a State Crime Commission study that said decriminalizing marijuana would prevent more than 10,000 arrests every year in Virginia.

The commission takes no position on changing the state’s marijuana laws. But the commission could vote on a recommendation to lawmakers later this year, setting up a likely debate in the 2018 legislative session.

Commission staff outlined the study on Monday. They said police arrested more than 133,000 people on first-offense marijuana charges in the last decade.

___

Information from: The Virginian-Pilot, http://pilotonline.com

The post Lawmaker preparing bill for marijuana decriminalization appeared first on WTOP.

from http://ift.tt/2z20BL0

Digital Marketing Agency in Northern Virginia