Monday, March 17, 2014

Author and Tech Strategist Melvin Greer Profiled by WashingtonExec

Congratulations to my NCOIC colleague and dear friend Melvin Greer on his impressive WashingtonExec interview.

A senior fellow and chief strategist at Lockheed Martin, Mel has more than 29 years’ experience in systems and software engineering and is a recognized expert in Service Oriented Architecture, Cloud Computing and Predictive Analytics. His research fields include Nanotechnology, Synthetic Biology and Gamification. His new book, “21st Century Leadership: Harnessing Innovation, Accelerating Business Success”  is book centered on leadership and its relationship to business. Mel also leads The Greer Institute, a nonprofit, nonpartisan think tank. The institute is organized for educational research and scientific application of Greer’s theories on leadership and innovation and addresses society’s related problems.

In the interview, Mel explains the tight linkage between innovative leaders and the development of a strong workforce. He also addresses how future leaders are developed via a robust science, technology, engineering and math (STEM) and arts (STEAM) pipeline. In the book, he drills down to illuminate what makes leaders so good at innovation and talent, and describes how to move an innovation strategy from “chasing shiny objects” to a powerful, sustainable cultural change and create a magnet for great talent.

Bookmark and Share

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2012)

Wednesday, March 12, 2014

IT Risk Management Summit - March 26, 2013 - Reston, VA response to growing demand for formal software risk and quality management tools, the nations’ most respected standards bodies and IT communities of practice have joined forces to advance the state of the practice in software quality management. 
Hosted by the Consortium for IT Software Quality (CISQ), and in cooperation with Object Management Group, Software Engineering Institute, Interoperability Clearinghouse, IT Acquisition Advisory Council, a leadership forum will be held on March 26th in Reston, Virginia. The goal of this intensive one day event is to provide both IT practitioners and leaders insights into emergent industry standards of practices and case studies needed to mitigate common software vulnerabilities and risk. Examples from both a development and acquisition management perspectives will be addressed.
Selected topics will focus on emerging standards and best practices in measuring risk and quality in IT intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. The discussion will be expose emerging methods and tools of incorporating such standard metrics into the IT software development, sustainment and acquisition processes.

I am personally honored to be participating in this important forum.

Topic: Improving System Development & Sustainment Outcomes with Software Quality and Risk Measurement Standards
Date: March 26thth, 0900-1600 followed by Cocktail Social
Location: HYATT Reston Town Center, Reston, VA

CISQ Program Agenda

0800-0900       Registration
Morning Segment: System Engineering Practices
0900-0915       Introductions
Dr. Bill Curtis, CISQ; Kevin Jackson, IT-AAC
0915-1000       Sizing and Estimating Software Risk (can’t manage what you can’t measure)
Lead: Mike Harris, DCG
Terry Mitchell, Army G2 Sr Advisor (invited)
Neal Ziring, NSA IAD TD (invited)
1015-1100       Advances in Information Assurance Standards
Lead: Robert Martin, Mitre
Don Davidson, OSD CIO (invited)
Dr. Chris Greer, NIST (invited)
1115-1200       Lessons Learned in Health IT Security and Interoperability
Leads: John Keane, Military Health Systems
Dave Bowen, DHA CIO (invited)
Don Johnson, OSD ATL iEHR Lead (invited)
1200-1300       Lunch
Afternoon Segment: IT Risk Management for National Security Programs
1300-1315       Introduction
MajGen John Brennan, USAF ret, Executive Director, IT-AAC
1315-1400       Keynotes
                        Facilitator: John Weiler, CIO Interop. Clearinghouse
Kevin Meiners, DNI Director of Acquisition Technology and Logistics
1415-1500       Business Drivers for Agile Methods Used in Measuring Risk and Quality
Facilitator: Harry Levinson, SEI
Col Bruce Lyman, AF A2 (invited)
Terry Mitchel, Army G2 (invited)
Richard Hale, DOD CIO (invited)
1515-1600       IT Risk and Acquisition Challenges in National Security Programs
Facilitator: Bill Greenwalt, VP Acquisition, AEI (invited)
General Kirk Vollmecke, Army ASA ALT (invited)
General Mike Basla, AF A6/CIO (invited)
OSD OT&E, J. Michael Gilmore, Director (invited)

For more information on this program, contact:

Sam Somashekar, CISQ Program Manager,
Phone: 917-843-4708

Bookmark and Share

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2012)

Monday, March 10, 2014

PerspecSys Survey Reveals Cloud-based Security Concerns for 2014

Today PerspecSys announced the results of a survey conducted at the 2014 RSA Conference concerning the attitudes and policies of organizations towards cloud-based security. After polling 130 security professionals on the show floor of the RSA Conference, PerspecSys found that “an overwhelming 74 percent believe security for cloud-based data in 2014 will be a bigger concern than securing data on-premise. In fact, 66 percent of security pros still view the cloud as more difficult to secure than on-premise options.”

The survey found the following opinions concerning cloud security:

  •  66% felt that cloud-based data is much more difficult to secure than on the premises
  • 18% felt that securing data on the cloud is no different than securing data on the premises
  • 16% felt that cloud-based data is less difficult to secure than on the premises

When asked if their organization has security protocols in place for cloud applications:

  • 69% answered yes
  • 31% answered no

The survey asked if their organizations allow employees to access corporate cloud environments from their personal mobile devices:

  • 54% said yes, we have a policy to follow
  • 28% said no, but employees do it anyway
  • 17% said no, we are not allowed or unable to access corporate cloud environments 

When asked does your organization use encryption or tokenization technologies to secure sensitive information in the cloud:

  • 36% use encryption
  • 34% don’t use encryption or tokenization
  • 24% use encryption and tokenization
  • 6%   use tokenization

The survey also questioned if revelations regarding the government’s access to cloud data change their willingness to employ cloud services:
·         44% said that it had no effect
·         28% said they are less likely to use the cloud
·         25% said they are more likely to use the cloud
·         4%   said regardless, they will never use the cloud

Companies need to be more proactive with cloud security

Although consumers are definitely shifting towards cloud applications, the survey results revealed that many organizations still need to take the proper steps to secure their cloud-based data. PerspecSys has concluded that:

  • “Almost 31 percent of respondents do not allow employees to access cloud applications such as Salesforce and DropBox from their mobile devices, but indicate employees do it anyway.”
  •  “34 percent of organizations do not encrypt or use tokenization in the cloud.”
  • “31 percent of organizations do not have any significant security protocols in place for employees using cloud applications.”
David Canellos, the CEO of PerspecSys reports that “through the poll data, as well as the results of hundreds of conversations we had at our exhibition booth, we were surprised to see how few companies are putting protocols in place for employees using cloud apps, as they are nearly ubiquitous as productivity enhancers and can hold important data that an organization has a vested interest in protecting. The data reinforces that simply blocking access isn’t an option, it’s time to be proactive and put long trusted security tools such as encryption and tokenization in place to make sure that no matter where your data is, it is protected.”

Stephen Kleynhans, research vice president of Gartner’s, stated in “How the Personal Cloud Impacts IT Organizations” published on February 6, 2014 that “enterprises must establish policies to manage the use of consumer-grade personal cloud tools, ensuring that appropriate information security and compliance controls aren't being overlooked. IT organizations must also actively survey the user base to understand the motivation behind the tools' use and ensure that advantageous functionality hasn't been missed as part of official IT-supported enterprise user environments. IT organizations need to look for places where consumers are using personal cloud services and related apps, and understand the motivations, realizing there may be significant business value that has been missed by IT.”

PerspecSys found that although NSA was a major discussion subject at the 2014 RSA Conference, almost half of those surveyed did not feel the recent headlines and media attention regarding government had any effect on their use of the cloud.

About PerspecSys

PerspecSys Inc. is a leading provider of cloud data control solutions that enable mission critical cloud applications to be adopted throughout the enterprise. PerspecSys gives organizations the ability to understand how employees are using cloud applications and take the necessary steps to protect sensitive information before it leaves the network. By removing the technical, legal and financial risks of placing sensitive data in the cloud, PerspecSys makes the public cloud private. Based in Toronto, PerspecSys Inc. is a privately held company backed by investors, including Intel Capital, Paladin Capital and Ascent Venture Partners. For more information please visit and follow them on Twitter @PerspecSys.

Bookmark and Share

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2012)