Paul Douthit

The need for clear cloud security assessment boundaries

January 30 2012 @10:35 AM
By: Paul Douthit
Comment
Share

As a Cloud Service Provider (CSP) on GSA’s Infrastructure as a Service (IaaS) BPA, CGI has learned we must help our customers understand the extent of the security features they inherit from our certified IaaS services. GSA appropriately made these boundary distinctions a key issue during the risk assessment process. Since different CSPs have chosen different boundaries, it is very important that customers be aware of the extent of the security provided with their IaaS.   More...
Paul Douthit

Preparing for FedRAMP: Building security into the fabric of our cloud

December 20 2011 @8:39 AM
By: Paul Douthit
Comment
Share

Building security into the System Development Life Cycle (SDLC) is a basic security principle, but one not always well followed. When it is, the result speaks for itself: a more secure system. For CGI, following this “security first” principle enabled us to become the first certified Cloud Service Provider (CSP) to deliver secure cloud services under GSA’s Blanket Purchase Agreement (BPA) for Infrastructure as a Service (IaaS). Our approach also makes it easier to comply with new forthcoming FedRAMP requirements. More...
Ken Huang

Up in the air: The future of cloud identity management

December 15 2011 @2:11 PM
By: Ken Huang
Comment
Share

In early December, I was invited to speak at the second annual UP 2011 Cloud Computing Conference. As more organizations turn to cloud computing, one of the pressing needs that must be addressed is the development of identity access management standards. In my presentation, I discussed the work that’s underway to develop standards and some of the issues each standards organization must resolve. More...

Pages