Member |
I think this is really dumb, AWS is the obvious choice. Is all the controversy made by the losers? https://www.vanityfair.com/new...ful-in-dc-than-trump I have a strong personal interest in this. What does all this look like to you?
|
Member |
I'd be more concerned about the wisdom (or lack thereof) of putting all the DOD's data in the cloud, than about who gets the contract.
|
Member |
It’s not the same cloud. It’s a wholly separate installation. https://aws.amazon.com/govcloud-us/ It’s still a private entity, though it would have 10 billion reasons to keep it tight.
-- I always prefer reality when I can figure out what it is. JALLEN 10/18/18 https://sigforum.com/eve/forum...610094844#7610094844
|
10mm is The Boom of Doom |
One stop shopping for Beijing. What's not to like? Have these idjits completely forgotten the lessons of compartmentalization and segmentation? Boggled I am.
God Bless and Protect the Once and Future President, Donald John Trump.
|
Member |
As mentioned by Expert308, these systems would be within the AWS GovCloud. And will likely be an isolated / private cloud (isolated further I mean) within AWS GovCloud. CIA already uses AWS for a similar system. I'm sure there will be plenty of security and auditing. Assuming lots of Linux systems, then things would likely be protected by SELinux, cgroups (kernel isolation used with containers (or LXC/LXD)), and RBACs. Not to mention lots of IDS/IPS (and general DPI) to monitor the network traffic - which I expect would be encrypted itself. I have no direct background with Gov Systems or standards - but I don't see it making much of a difference since the Pentagon (and gov in general) has been using private companies for their infrastructure aggressively since 2001. And given the OPM hack from 2015 (by China), it isn't like the non-cloud systems have the best track record anyway.
|
Big Stack |
The "Cloud" is a relative thing. And this could be a double-edged sword. Is it easier to protect and manage security for a single array of servers holding everything, than to do so for a myriad of separate systems scattered hither and yon, all with different groups managing them? The former standardizes security, lessening the chance that some individual system will have security that's not up to snuff. The flip side is, if hackers find a hole, they can get into the whole shootin' match. I would hope there'd be some level of internal partitioning to prevent this.