SlideShare una empresa de Scribd logo

Cloud-Based Customer Experience Management Solutions For Government Agencies

RightNow Technologies
RightNow Technologies

This document discusses the opportunities and challenges of certifying cloud-based customer experience management solutions for U.S. federal government agencies. RightNow Technologies worked with SecureForce to certify its cloud solution against the NIST SP 800-53 "moderate" security baseline. They faced challenges with controls not written for cloud/multi-tenant environments and identifying hybrid controls. Lessons included documenting the architecture, automating processes, and considering the "high water mark" for system impact when multiple agencies use the solution. The document provides suggestions for NIST and considerations for both vendors and government customers regarding cloud security.

EmpresarialesTecnología
1 de 11
Descargar para leer sin conexión
CLOUD-BASED CUSTOMER EXPERIENCE MANAGEMENT SOLUTIONS FOR GOVERNMENT AGENCIES Opportunities and Challenges of Certifying Cloud-Based Solutions for U.S. Federal Government Civilian Agencies ©2009 RightNow Technologies. All rights reserved. RightNow and RightNow logo are trademarks of www.rightnow.com RightNow Technologies Inc. All other trademarks are the property of their respective owners. 9007
CLOUD-BASED CUSTOMER EXPERIENCE MANAGEMENT SOLUTIONS FOR GOVERNMENT AGENCIES TABLE OF CONTENTS Introduction .......... 1 Cloud Computing Fundamentals .......... 3 How We Approached C&A .......... 3 Challenges We Faced in Working Through Our C&A .......... 4 Lessons Learned in Working Through The Challenges .......... 5 Conclusion .......... 7 Authors .......... 9 About SecureForce .......... 9 About RightNow Technologies .......... 9 www.rightnow.com
INTRODUCTION RightNow Technologies RightNow is a provider of cloud-based customer experience management solutions that help consumer-centric organizations deliver exceptional customer experiences across the web, social networks, and contact centers. Founded in 1997, RightNow is headquartered in Bozeman, Montana, employs more than 800 people, and with more than eight billion customer interactions delivered, RightNow is the customer experience fabric for nearly 2,000 organizations around the globe. RightNow is listed on the NASDAQ under the symbol RNOW. Over 170 public sector clients, including nearly every US cabinet level agency, Army, Marines, Air Force, members of the Intelligence Community and DoD, rely on RightNow CX to deliver real-time information, when and where it’s needed. RightNow CX, the Customer Experience Suite RightNow CX is a total customer experience solution for consumer-centric organizations serious about enabling superior interactions across web, social, and contact center touchpoints. RightNow’s customer experience solutions give agencies the ability to coordinate disparate resources, including people and technology, across the organization to develop, rapidly execute, and manage a comprehensive customer experience strategy. RightNow CX applications address the three experiences that matter most (see diagram below), ensuring a seamless multi-channel (web, voice, chat, etc.) experience, regardless of the number or type of customer interactions initiated. RightNow Government Cloud To serve its U.S. Federal Government customers, RightNow has built a dedicated private cloud infrastructure from the ground up to provide enhanced security and satisfy regulatory compliance requirements. Deployed in a Tier 4 datacenter, the RightNow Government 1 www.rightnow.com Share This
Cloud offers logical separation of tenants and other controls necessary to provide the security, high availability, and redundancy equivalent to our commercial offering. The Government Cloud has been designed to satisfy the control requirements for the National Institute of Standards and Technology (NIST) 800-53 “moderate” baseline. Control implementation and compliance status has been independently verified and documented by a third party. SECUREFORCE SecureForce, LLC (SecureForce) is a Washington, DC Metro area based cybersecurity firm that has extensive experience supporting the U.S. Government. SecureForce has provided security engineering, Certification and Accreditation (C&A), security assessment, and security operations support to a broad customer base, including Federal Civilian agencies, the Department of Defense, and the Intelligence Community. SecureForce has performed numerous C&As leveraging the processes outlined in NIST 800-37, NIACAP, DIACAP and DCID 6/3. RightNow and SecureForce have partnered to ensure government compliance requirements are integrated throughout the lifecycle of the RightNow Government Cloud offering and a comprehensive C&A package is developed for each product release. The Demand for Cloud Computing We have seen an increasing demand for cloud computing resources to be made available in all enterprises globally. Very recently, the demand and interest for cloud computing resources in the Federal Government has increased tremendously. Increasingly, there is a need to offer cloud-based services to the Federal Government that have historically only been available to the private sector. The Goal of this Document RightNow and SecureForce have spent the last year and a half working through the complexities of certifying a cloud computing infrastructure against the moderate baseline of the NIST 800-53 control framework. Throughout this process we have identified a number of security controls that were not written with a cloud computing environment in mind. In this document we provide some insight into the high-level challenges that we have faced throughout this process, along with some of our findings, to raise the visibility for other cloud computing vendors who may be thinking about providing services to the Federal Government. We’ve also positioned this document to provide cloud computing buyers lessons learned with the goal of increasing awareness of the obstacles associated with performing C&A in the cloud. .......... 2 www.rightnow.com Share This
CLOUD COMPUTING FUNDAMENTALS In accordance with the NIST Definition of cloud computing (http://csrc.nist.gov/groups/ SNS/cloud-computing/), cloud-based services can be offered via one of three service models. Infrastructure Cloud (IaaS) Infrastructure services in the cloud. This type of cloud vendor will typically provide the processing, storage, and network infrastructure. Examples of IaaS vendors are: · Amazon EC2 and S3 · OpsSource · Rackspace Platform Cloud (PaaS) Cloud providers in this category typically provide either an application development platform, or a raw operating environment from which to house your applications. Vendors in the platform cloud could, in theory, be utilizing IaaS from another vendor underneath the covers. Examples of PaaS vendors are: · Microsoft Azure · Boomi · Google App Engine Application Cloud (SaaS) SaaS vendors are providing an actual application to their customers, typically delivered via web technologies such as Web 2.0 or smart client technology. SaaS vendors could, in theory, be utilizing both a PaaS vendor for delivery of their service and an IaaS vendor for the underlying infrastructure. Examples of SaaS vendors are: · RightNow Technologies · Concur · MessageLabs HOW WE APPROACHED C&A RightNow recognizes that meeting Federal Information Security Management Act (FISMA) compliance is a cost of doing business with the Federal Government. Furthermore, RightNow acknowledges the expectation of the government that vendors should be responsible for demonstrating FISMA compliance within their product offerings in order to establish the chain of trust as part of the implementation of the NIST Risk Management Framework (RMF). Through the partnership with SecureForce, RightNow has taken the initiative to demonstrate the required trustworthiness and address FISMA compliance head-on. Given the RightNow Government Cloud is a multi-tenant environment, we anticipated that certification boundaries would become blurry and controls would become harder to satisfy. In order to address all aspects of the cloud offering, a flexible yet comprehensive approach to addressing C&A within the cloud was required. Based upon the most common customer use cases and data types, the Federal Information Processing Standard (FIPS) 199 system categorization for the Government Cloud was determined to be moderate. To ensure consistent documentation and assessment of controls across tenants, the certification 3 www.rightnow.com Share This
boundary was determined to include all infrastructure components as well as the baseline application. The Government Cloud C&A package is built upon the NIST RMF and includes the following artifacts: Artifact Notes System Security Plan (SSP) Consistent with NIST SP 800-18 Security Assessment Report Consistent with NIST SP 800-53A Risk Assessment Report Consistent with NIST SP 800-30 Plan of Actions and Milestones (POA&M) Maintained by RightNow For each subsequent product version the C&A package is updated and made available to new customers or to existing customers that are upgrading to that version. For those customers that have extensive customizations that extend product functionality, an addendum to the C&A package for their product version must be developed to capture any non-compliant controls and potential risks that may be introduced via the customizations. CHALLENGES WE FACED IN WORKING THROUGH OUR C&A C&A is a complex process made more difficult when applied to a multi-tenant, cloud- based offering. The three most pressing issues we faced during the C&A of the Government Cloud were: 1) Multi-tenancy: Some NIST SP 800-53 controls and NIST SP 800-53A control assessment objectives were not written to address multi-tenancy or data co-mingling. As a result, this created some difficulty when assessing common controls applicable to the entire environment. Ultimately, those controls were fully documented in the SSP then assessed against the “spirit of the law” (i.e. does the control satisfy the control assessment objective while maintaining adequate isolation between customer instances?). 2) Hybrid Control Identification and Ownership Determination: While the majority of applicable security controls are the responsibility of the outsourced provider, some controls also require decision or action by the government customer. These types of controls in which there is shared responsibility between the vendor and the government are known as known as hybrid controls. Examples of hybrid controls include incident response and contingency planning where both the government and the vendor would be required to have policies and procedures in place and the policies and procedures in use by the government may be common for all systems within their inventory. Hybrid controls and the customer-specific responsibilities for meeting control assessment objectives are identified in both the SSP and SAR. 3) Lack of System and Control Documentation: The security architecture and concept of operations of the Government Cloud was not sufficiently documented to provide the necessary context for non-RightNow personnel to fully understand the Government Cloud architecture and operations in order to determine control adequacy and robustness. Having a fully documented security architecture and concept of operations is essential to ensuring complete transparency and establishing the necessary chain of trust between the vendor and the government customer. As part of the C&A process, the security architecture and concept of operations were documented in the SSP. 4 www.rightnow.com Share This
LESSONS LEARNED IN WORKING THROUGH THE CHALLENGES Multi-Tenancy Most cloud computing vendors in the SaaS space, including RightNow, offer a solution that is multi-tenant. Multi-tenancy presents a number of challenges, outlined above, in an environment that is to be certified and accredited. Here is a summary of the key lessons that we learned during our C&A. No context of cloud computing While multi-tenant environments are not explicitly prohibited, many of the controls in the NIST SP 800-53 framework assume a single-tenant installation. Because agencies have become familiar with these controls, many of the Information Assurance (IA) professionals and Authorizing Officials that we’ve worked with were initially very reluctant to housing their data in a multi-tenant environment. RightNow and SecureForce have been able to overcome this reluctance and provide a high degree of assurance regarding the effectiveness of control implementation by clearly outlining the security engineering decisions that RightNow made early-on to logically separate clients from one another. Throughout the C&A process, careful attention was paid to clearly detailing the technical steps taken to logically separate customers from one another in such a way that the risk of co-mingling of data on the same physical infrastructure and the likelihood of cross-organizational operational impact are minimal. System categorization must be based upon high watermark It was also recognized early-on that in a multi-tenant environment, the system as a whole would need to be certified and accredited at a FIPS 199 impact categorization that was commensurate with the highest level that any single potential client could require. This is due to the fact that a large number of the controls that are documented and audited are common controls that involve all of the underlying infrastructure components that are shared in a multi-tenant environment. Consequently, any cloud computing vendor who intends to run a multi-tenant environment would need to certify at the “high water mark”, determined by the highest feasible impact categorization of any single tenant of the infrastructure. Of course, this means that tenants that do not have an explicit requirement for a higher level impact categorization get to take advantage of the increased operational and security controls that are in place. Not only does this provide them with an extra level of assurance in their cloud computing vendor, but it allows them the flexibility to grow into system requirements that are beyond the scope of their original deployment. Consistent and repeatable processes are required Consistent and repeatable processes should be part of any mature cloud computing vendor’s operational practices. The NIST 800-53 control framework requires policies and procedures be developed for all three classes of controls—technical, operational, and management. The application of consistent and repeatable processes can be difficult and is further complicated when being applied to a multi-tenant cloud computing environment. Automation is key to cloud computing Automated and repeatable processes must be tightly integrated throughout all components of the environment to maintain the integrity and security of the cloud computing platform 5 www.rightnow.com Share This
and to ensure quality provisioning of elastic, on demand, services. RightNow has developed a comprehensive management system which automates commonly performed tasks throughout the Government Cloud, including the infrastructure, platform, and application. RightNow achieves operational excellence, while maintaining a robust security posture, in a complex multi-tenant environment by directly controlling all aspects of the Government Cloud. Change management approval process is mandatory In any computing environment, there will inevitably be some processes which cannot be automated. Those processes which cannot be automated require thorough review and approvals to ensure that operational risk is reduced as much as possible, without losing the ability to be flexible. We have implemented a change management and tracking process that allows the operators of the environment to propose changes to the environment. These proposals are reviewed by appropriate engineering resources and approved by management multiple times per week. This level of frequency allows us to be responsive to customer demands in a constantly evolving environment. Version control is taken to a new level The ability to run multiple versions of the application (SaaS level) of the cloud computing environment is driven primarily by the mission criticality of the application use case. Having a system that allows the tenants a choice in version and upgrade schedule is one of the many unique value propositions that RightNow provides. Maintaining a large number of versions in a production environment requires robust logical separation of tenants from one another. Only through robust logical separation can the integrity of the environment be maintained despite the disparity in service functionality and patch levels between tenants. 6 www.rightnow.com Share This
CONCLUSION Suggestions To address common concerns related to cloud computing, guidance should be developed that addresses the application of the NIST 800-53 control framework to a cloud computing environment. Particular attention should be paid to explaining the risks associated with multi-tenancy and the types of controls and countermeasures that may be put in place to effectively enforce and monitor logical separation, and their ability to mitigate the associated risks. Additionally, the guidance should address those hybrid controls that may be common across the cloud computing environment (i.e. common for all tenants) as well as those controls where the responsibility for control implementation should be shared between the vendor and the government. We are aware that NIST is presently developing guidance on cloud computing and we look forward to reviewing and providing feedback on the initial public draft. Considerations Vendors should be aware that: · Government customers are required to conduct C&A of their systems prior to operation and are required to monitor the system on a continuous basis thereafter. · Government customers expect the vendors to support the C&A process; therefore, C&A is a mandatory requirement for doing business with the government. · Government customers expect complete transparency into cloud computing offerings in order to ensure all aspects of the offering (e.g. 3rd party vendors and services) meet the necessary control requirements and do not weaken the chain of trust. · Hybrid controls exist where there may be shared responsibility between the vendor and government. · Security engineering should be tightly integrated throughout the lifecycle of cloud computing offerings so that security requirements are fully understood and a risk management program is in place to balance security against operational and functional requirements. Government customers should be aware that: · Many vendors have never dealt with C&A and are not fully educated on the requirements for complying with FISMA. Contracts should clearly identify the applicable NIST 800-53 controls and enhancements and the vendor’s responsibility to ensure they are satisfied. · NIST guidelines do not fully address cloud computing. Applicable controls must be assessed within the given context of their environment. · Hybrid controls exist where there may be shared responsibility between the vendor and government. · Mature cloud computing vendors should be able to demonstrate that security engineering principles are tightly integrated throughout the lifecycle of their offerings, that security requirements are fully understood, and a risk management program is in place to balance security against operational and functional requirements. 7 www.rightnow.com Share This
Chain of Trust Transparency is a key factor in developing trust with cloud computing consumers. If the chain of trust has fewer links, the service will ultimately be easier to secure and control, thereby facilitating: · Auditing · Reporting · Accountability Cloud computing vendors who have direct control over all three cloud service models will have a distinct advantage for providing transparency as well as addressing the numerous controls and policies necessary to achieve compliance and accreditation. Very little finger pointing can take place in an environment where a single vendor is responsible from end to end. Summary In going through the FISMA certification and accreditation process, we found several things particularly challenging: · Multi-tenancy: clarity and guidance needs to be provided to help define and control multi-tenant environments · Hybrid controls: standards need to be updated to accommodate that some controls may be applicable across multiple layers of infrastructure, with different responsible parties at each layer · Lack of system and control documentation: this is an area that vendors just need to be prepared to address We suggest that the FISMA guidelines be updated to provide clarity in the first two issues noted above and would welcome the opportunity to provide direct feedback in these areas to those who are responsible for writing/amending the guidelines. There have been some changes made recently to NIST 800-37 (revision 1) that will make a unified standard and methodology easier to achieve over the long term. However, we feel that these changes do not yet directly address the areas that we’re suggesting above. 8 www.rightnow.com Share This
AUTHORS Ben Nelson CISO & Director, IT Services RightNow Technologies Stefen Smith, CISSP-ISSEP Chief Technology Officer SecureForce ABOUT SECUREFORCE SecureForce is passionate about cyber security. We are comprehensive in our approach to providing end-to-end security solutions using state-of-the-art technologies supplemented with constantly evolving knowledge and expertise. Our methods are singularly focused on removing the threat of cyber exploitation. Located in Washington, DC, SecureForce has the proven credentials to assess, architect, engineer, certify, accredit, and operate the security infrastructure of the largest government agencies and corporations located in the U.S. and abroad. ABOUT RIGHTNOW RightNow (NASDAQ: RNOW) delivers the high-impact technology solutions and services organizations need to cost-efficiently deliver a consistently superior customer experience across their frontline service touchpoints. Approximately 1,900 corporations, government agencies, and institutions worldwide depend on RightNow to achieve their strategic objectives and better meet the needs of those they serve. RightNow is headquartered in Bozeman, Montana. For more information, please visit www.rightnow.com. RightNow is a registered trademark of RightNow Technologies, Inc. NASDAQ is a registered trademark of the NASDAQ Stock Market. Contact us today to find out how we can help you create the best possible customer experience for your customers. Our solutions: RightNow CX RightNow Social Experience RightNow Engage The Customer Experience Suite RightNow Web Experience RightNow Contact Center Experience RightNow CX Cloud Platform Be social with us: RightNow.com Twitter Facebook YouTube LinkedIn RightNow Blog 9 www.rightnow.com Share This

Recomendados

Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the CloudRochester Security Summit
 
Value Plus July Edition - 2015
Value Plus July Edition - 2015Value Plus July Edition - 2015
Value Plus July Edition - 2015Redington Value Distribution
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
CA
CACA
CApatrikbzz
 
G10.2013 Application Delivery Controllers
G10.2013 Application Delivery ControllersG10.2013 Application Delivery Controllers
G10.2013 Application Delivery ControllersSatya Harish
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and managementShamsundar Machale (CISSP, CEH)
 
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachScaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachF5 Networks
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET Journal
 

Recomendados

Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the CloudRochester Security Summit
 
Value Plus July Edition - 2015
Value Plus July Edition - 2015Value Plus July Edition - 2015
Value Plus July Edition - 2015Redington Value Distribution
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
CA
CACA
CApatrikbzz
 
G10.2013 Application Delivery Controllers
G10.2013 Application Delivery ControllersG10.2013 Application Delivery Controllers
G10.2013 Application Delivery ControllersSatya Harish
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and managementShamsundar Machale (CISSP, CEH)
 
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachScaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachF5 Networks
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET Journal
 
Rob kloots auditoutsourcedit
Rob kloots auditoutsourceditRob kloots auditoutsourcedit
Rob kloots auditoutsourceditRobert Kloots
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Finalrjt01
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...United International Journal for Research & Technology
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Cloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsCloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsIJERA Editor
 
Are your insurance processes cloud compatible?
Are your insurance processes cloud compatible?Are your insurance processes cloud compatible?
Are your insurance processes cloud compatible?Cognizant
 
Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance NETSCOUT
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Achim D. Brucker
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 
IntelAdapt
IntelAdaptIntelAdapt
IntelAdaptMaggie Albrecht
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGInternational Journal of Technical Research & Application
 
Accenture Computing In A Cloud
Accenture Computing In A CloudAccenture Computing In A Cloud
Accenture Computing In A Cloudchzesin
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4EnterpriseGRC Solutions, Inc.
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Project
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
Information Security Governance
Information Security GovernanceInformation Security Governance
Information Security GovernanceBooz Allen Hamilton
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET Journal
 
CLOUD BASED SERVICES EX.pdf
CLOUD BASED SERVICES EX.pdfCLOUD BASED SERVICES EX.pdf
CLOUD BASED SERVICES EX.pdfNeeraj Kumar
 
2.evaluating cloud platforms
2.evaluating cloud platforms2.evaluating cloud platforms
2.evaluating cloud platformsDrRajapraveenkN
 

Más contenido relacionado

La actualidad más candente

Rob kloots auditoutsourcedit
Rob kloots auditoutsourceditRob kloots auditoutsourcedit
Rob kloots auditoutsourceditRobert Kloots
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Finalrjt01
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Cloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsCloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsIJERA Editor
 
Are your insurance processes cloud compatible?
Are your insurance processes cloud compatible?Are your insurance processes cloud compatible?
Are your insurance processes cloud compatible?Cognizant
 
Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance NETSCOUT
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Achim D. Brucker
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 
Accenture Computing In A Cloud
Accenture Computing In A CloudAccenture Computing In A Cloud
Accenture Computing In A Cloudchzesin
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4EnterpriseGRC Solutions, Inc.
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Project
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET Journal
 

La actualidad más candente (20)

Rob kloots auditoutsourcedit
Rob kloots auditoutsourceditRob kloots auditoutsourcedit
Rob kloots auditoutsourcedit
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Final
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
 
Cloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsCloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patterns
 
Are your insurance processes cloud compatible?
Are your insurance processes cloud compatible?Are your insurance processes cloud compatible?
Are your insurance processes cloud compatible?
 
Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – Netmagic
 
IntelAdapt
IntelAdaptIntelAdapt
IntelAdapt
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTING
 
Accenture Computing In A Cloud
Accenture Computing In A CloudAccenture Computing In A Cloud
Accenture Computing In A Cloud
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
 
Information Security Governance
Information Security GovernanceInformation Security Governance
Information Security Governance
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
 

Similar a Cloud-Based Customer Experience Management Solutions For Government Agencies

CLOUD BASED SERVICES EX.pdf
CLOUD BASED SERVICES EX.pdfCLOUD BASED SERVICES EX.pdf
CLOUD BASED SERVICES EX.pdfNeeraj Kumar
 
2.evaluating cloud platforms
2.evaluating cloud platforms2.evaluating cloud platforms
2.evaluating cloud platformsDrRajapraveenkN
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3EnterpriseGRC Solutions, Inc.
 
What's New at VMware?
What's New at VMware?What's New at VMware?
What's New at VMware?Vmwareir
 
Benefits of a Virtual Private Cloud (VPC) – Netmagic
Benefits of a Virtual Private Cloud (VPC) – NetmagicBenefits of a Virtual Private Cloud (VPC) – Netmagic
Benefits of a Virtual Private Cloud (VPC) – NetmagicNetmagic Solutions Pvt. Ltd.
 
QuickView #5 - Cloud
QuickView #5 - CloudQuickView #5 - Cloud
QuickView #5 - CloudSonovate
 
Cloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloudCloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloudSourabh Saxena
 
Visiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watchVisiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watchVisiongain
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
Cscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commerceCscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commercer_arorabms
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
IRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and SolutionIRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and SolutionIRJET Journal
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructureEricsson
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 

Similar a Cloud-Based Customer Experience Management Solutions For Government Agencies (20)

CLOUD BASED SERVICES EX.pdf
CLOUD BASED SERVICES EX.pdfCLOUD BASED SERVICES EX.pdf
CLOUD BASED SERVICES EX.pdf
 
2.evaluating cloud platforms
2.evaluating cloud platforms2.evaluating cloud platforms
2.evaluating cloud platforms
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
What's New at VMware?
What's New at VMware?What's New at VMware?
What's New at VMware?
 
Benefits of a Virtual Private Cloud (VPC) – Netmagic
Benefits of a Virtual Private Cloud (VPC) – NetmagicBenefits of a Virtual Private Cloud (VPC) – Netmagic
Benefits of a Virtual Private Cloud (VPC) – Netmagic
 
QuickView #5 - Cloud
QuickView #5 - CloudQuickView #5 - Cloud
QuickView #5 - Cloud
 
Cloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloudCloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloud
 
Visiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watchVisiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watch
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
Value Journal - September 2020
Value Journal - September 2020Value Journal - September 2020
Value Journal - September 2020
 
Cscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commerceCscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commerce
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
IRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and SolutionIRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and Solution
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 

Más de RightNow Technologies

2011 Customer Experience Impact Report
2011 Customer Experience Impact Report2011 Customer Experience Impact Report
2011 Customer Experience Impact ReportRightNow Technologies
 
2010 Customer Experience Impact Report
2010 Customer Experience Impact Report2010 Customer Experience Impact Report
2010 Customer Experience Impact ReportRightNow Technologies
 
RightNow Brings Social Into The Customer Experience
RightNow Brings Social Into The Customer ExperienceRightNow Brings Social Into The Customer Experience
RightNow Brings Social Into The Customer ExperienceRightNow Technologies
 
Consumer Electronics Gets CRM RightNow
Consumer Electronics Gets CRM RightNowConsumer Electronics Gets CRM RightNow
Consumer Electronics Gets CRM RightNowRightNow Technologies
 
RightNow's 4th Annual Customer Experience Impact Report
RightNow's 4th Annual Customer Experience Impact ReportRightNow's 4th Annual Customer Experience Impact Report
RightNow's 4th Annual Customer Experience Impact ReportRightNow Technologies
 
RightNow's 2nd Annual Customer Experience Impact Report
RightNow's 2nd Annual Customer Experience Impact ReportRightNow's 2nd Annual Customer Experience Impact Report
RightNow's 2nd Annual Customer Experience Impact ReportRightNow Technologies
 
Nucleus Research ROI Case Study 2008
Nucleus Research ROI Case Study 2008Nucleus Research ROI Case Study 2008
Nucleus Research ROI Case Study 2008RightNow Technologies
 
Nucleus Research: Evaluating The On-demand Contact Center
Nucleus Research: Evaluating The On-demand Contact CenterNucleus Research: Evaluating The On-demand Contact Center
Nucleus Research: Evaluating The On-demand Contact CenterRightNow Technologies
 
The Importance of Multi-Channel Contact and Social Media to the Customer Expe...
The Importance of Multi-Channel Contact and Social Media to the Customer Expe...The Importance of Multi-Channel Contact and Social Media to the Customer Expe...
The Importance of Multi-Channel Contact and Social Media to the Customer Expe...RightNow Technologies
 
Decision Matrix: Selecting a CRM Vendor in Higher Education
Decision Matrix: Selecting a CRM Vendor in Higher EducationDecision Matrix: Selecting a CRM Vendor in Higher Education
Decision Matrix: Selecting a CRM Vendor in Higher EducationRightNow Technologies
 
Eight Steps to Great Customer Experiences for Government Agencies
Eight Steps to Great Customer Experiences for Government AgenciesEight Steps to Great Customer Experiences for Government Agencies
Eight Steps to Great Customer Experiences for Government AgenciesRightNow Technologies
 
Right now customer-feedback-survey-best-practices-brief
Right now customer-feedback-survey-best-practices-briefRight now customer-feedback-survey-best-practices-brief
Right now customer-feedback-survey-best-practices-briefRightNow Technologies
 
Empowered Interactions: Delivering a Differentiated Student Lifecycle Experience
Empowered Interactions: Delivering a Differentiated Student Lifecycle ExperienceEmpowered Interactions: Delivering a Differentiated Student Lifecycle Experience
Empowered Interactions: Delivering a Differentiated Student Lifecycle ExperienceRightNow Technologies
 
Customer Experience Makeover: A Practical Approach to Differentiated Service
Customer Experience Makeover: A Practical Approach to Differentiated ServiceCustomer Experience Makeover: A Practical Approach to Differentiated Service
Customer Experience Makeover: A Practical Approach to Differentiated ServiceRightNow Technologies
 
CRM and National Security: Five Essential Software Capabilities
CRM and National Security: Five Essential Software CapabilitiesCRM and National Security: Five Essential Software Capabilities
CRM and National Security: Five Essential Software CapabilitiesRightNow Technologies
 
Webcast: Piloting the Cloud: Social Web and the Public Sector
Webcast: Piloting the Cloud: Social Web and the Public SectorWebcast: Piloting the Cloud: Social Web and the Public Sector
Webcast: Piloting the Cloud: Social Web and the Public SectorRightNow Technologies
 
Webcast: Piloting the Cloud: The Open Government Directive
Webcast: Piloting the Cloud: The Open Government DirectiveWebcast: Piloting the Cloud: The Open Government Directive
Webcast: Piloting the Cloud: The Open Government DirectiveRightNow Technologies
 
Delivering Customer Service in the Cloud
Delivering Customer Service in the CloudDelivering Customer Service in the Cloud
Delivering Customer Service in the CloudRightNow Technologies
 

Más de RightNow Technologies (20)

2011 Customer Experience Impact Report
2011 Customer Experience Impact Report2011 Customer Experience Impact Report
2011 Customer Experience Impact Report
 
2010 Customer Experience Impact Report
2010 Customer Experience Impact Report2010 Customer Experience Impact Report
2010 Customer Experience Impact Report
 
Drugstore.com Gartner Slides
Drugstore.com Gartner SlidesDrugstore.com Gartner Slides
Drugstore.com Gartner Slides
 
RightNow Brings Social Into The Customer Experience
RightNow Brings Social Into The Customer ExperienceRightNow Brings Social Into The Customer Experience
RightNow Brings Social Into The Customer Experience
 
Consumer Electronics Gets CRM RightNow
Consumer Electronics Gets CRM RightNowConsumer Electronics Gets CRM RightNow
Consumer Electronics Gets CRM RightNow
 
RightNow's 4th Annual Customer Experience Impact Report
RightNow's 4th Annual Customer Experience Impact ReportRightNow's 4th Annual Customer Experience Impact Report
RightNow's 4th Annual Customer Experience Impact Report
 
RightNow's 2nd Annual Customer Experience Impact Report
RightNow's 2nd Annual Customer Experience Impact ReportRightNow's 2nd Annual Customer Experience Impact Report
RightNow's 2nd Annual Customer Experience Impact Report
 
Nucleus Research ROI Case Study 2008
Nucleus Research ROI Case Study 2008Nucleus Research ROI Case Study 2008
Nucleus Research ROI Case Study 2008
 
Nucleus Research: Evaluating The On-demand Contact Center
Nucleus Research: Evaluating The On-demand Contact CenterNucleus Research: Evaluating The On-demand Contact Center
Nucleus Research: Evaluating The On-demand Contact Center
 
The Importance of Multi-Channel Contact and Social Media to the Customer Expe...
The Importance of Multi-Channel Contact and Social Media to the Customer Expe...The Importance of Multi-Channel Contact and Social Media to the Customer Expe...
The Importance of Multi-Channel Contact and Social Media to the Customer Expe...
 
Decision Matrix: Selecting a CRM Vendor in Higher Education
Decision Matrix: Selecting a CRM Vendor in Higher EducationDecision Matrix: Selecting a CRM Vendor in Higher Education
Decision Matrix: Selecting a CRM Vendor in Higher Education
 
Eight Steps to Great Customer Experiences for Government Agencies
Eight Steps to Great Customer Experiences for Government AgenciesEight Steps to Great Customer Experiences for Government Agencies
Eight Steps to Great Customer Experiences for Government Agencies
 
Right now customer-feedback-survey-best-practices-brief
Right now customer-feedback-survey-best-practices-briefRight now customer-feedback-survey-best-practices-brief
Right now customer-feedback-survey-best-practices-brief
 
Empowered Interactions: Delivering a Differentiated Student Lifecycle Experience
Empowered Interactions: Delivering a Differentiated Student Lifecycle ExperienceEmpowered Interactions: Delivering a Differentiated Student Lifecycle Experience
Empowered Interactions: Delivering a Differentiated Student Lifecycle Experience
 
Proactive Customer Service
Proactive Customer ServiceProactive Customer Service
Proactive Customer Service
 
Customer Experience Makeover: A Practical Approach to Differentiated Service
Customer Experience Makeover: A Practical Approach to Differentiated ServiceCustomer Experience Makeover: A Practical Approach to Differentiated Service
Customer Experience Makeover: A Practical Approach to Differentiated Service
 
CRM and National Security: Five Essential Software Capabilities
CRM and National Security: Five Essential Software CapabilitiesCRM and National Security: Five Essential Software Capabilities
CRM and National Security: Five Essential Software Capabilities
 
Webcast: Piloting the Cloud: Social Web and the Public Sector
Webcast: Piloting the Cloud: Social Web and the Public SectorWebcast: Piloting the Cloud: Social Web and the Public Sector
Webcast: Piloting the Cloud: Social Web and the Public Sector
 
Webcast: Piloting the Cloud: The Open Government Directive
Webcast: Piloting the Cloud: The Open Government DirectiveWebcast: Piloting the Cloud: The Open Government Directive
Webcast: Piloting the Cloud: The Open Government Directive
 
Delivering Customer Service in the Cloud
Delivering Customer Service in the CloudDelivering Customer Service in the Cloud
Delivering Customer Service in the Cloud
 

Último

Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...Suhani Kapoor
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...lizamodels9
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 

Último (20)

Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 

Cloud-Based Customer Experience Management Solutions For Government Agencies

  • 1. CLOUD-BASED CUSTOMER EXPERIENCE MANAGEMENT SOLUTIONS FOR GOVERNMENT AGENCIES Opportunities and Challenges of Certifying Cloud-Based Solutions for U.S. Federal Government Civilian Agencies ©2009 RightNow Technologies. All rights reserved. RightNow and RightNow logo are trademarks of www.rightnow.com RightNow Technologies Inc. All other trademarks are the property of their respective owners. 9007
  • 2. CLOUD-BASED CUSTOMER EXPERIENCE MANAGEMENT SOLUTIONS FOR GOVERNMENT AGENCIES TABLE OF CONTENTS Introduction .......... 1 Cloud Computing Fundamentals .......... 3 How We Approached C&A .......... 3 Challenges We Faced in Working Through Our C&A .......... 4 Lessons Learned in Working Through The Challenges .......... 5 Conclusion .......... 7 Authors .......... 9 About SecureForce .......... 9 About RightNow Technologies .......... 9 www.rightnow.com
  • 3. INTRODUCTION RightNow Technologies RightNow is a provider of cloud-based customer experience management solutions that help consumer-centric organizations deliver exceptional customer experiences across the web, social networks, and contact centers. Founded in 1997, RightNow is headquartered in Bozeman, Montana, employs more than 800 people, and with more than eight billion customer interactions delivered, RightNow is the customer experience fabric for nearly 2,000 organizations around the globe. RightNow is listed on the NASDAQ under the symbol RNOW. Over 170 public sector clients, including nearly every US cabinet level agency, Army, Marines, Air Force, members of the Intelligence Community and DoD, rely on RightNow CX to deliver real-time information, when and where it’s needed. RightNow CX, the Customer Experience Suite RightNow CX is a total customer experience solution for consumer-centric organizations serious about enabling superior interactions across web, social, and contact center touchpoints. RightNow’s customer experience solutions give agencies the ability to coordinate disparate resources, including people and technology, across the organization to develop, rapidly execute, and manage a comprehensive customer experience strategy. RightNow CX applications address the three experiences that matter most (see diagram below), ensuring a seamless multi-channel (web, voice, chat, etc.) experience, regardless of the number or type of customer interactions initiated. RightNow Government Cloud To serve its U.S. Federal Government customers, RightNow has built a dedicated private cloud infrastructure from the ground up to provide enhanced security and satisfy regulatory compliance requirements. Deployed in a Tier 4 datacenter, the RightNow Government 1 www.rightnow.com Share This
  • 4. Cloud offers logical separation of tenants and other controls necessary to provide the security, high availability, and redundancy equivalent to our commercial offering. The Government Cloud has been designed to satisfy the control requirements for the National Institute of Standards and Technology (NIST) 800-53 “moderate” baseline. Control implementation and compliance status has been independently verified and documented by a third party. SECUREFORCE SecureForce, LLC (SecureForce) is a Washington, DC Metro area based cybersecurity firm that has extensive experience supporting the U.S. Government. SecureForce has provided security engineering, Certification and Accreditation (C&A), security assessment, and security operations support to a broad customer base, including Federal Civilian agencies, the Department of Defense, and the Intelligence Community. SecureForce has performed numerous C&As leveraging the processes outlined in NIST 800-37, NIACAP, DIACAP and DCID 6/3. RightNow and SecureForce have partnered to ensure government compliance requirements are integrated throughout the lifecycle of the RightNow Government Cloud offering and a comprehensive C&A package is developed for each product release. The Demand for Cloud Computing We have seen an increasing demand for cloud computing resources to be made available in all enterprises globally. Very recently, the demand and interest for cloud computing resources in the Federal Government has increased tremendously. Increasingly, there is a need to offer cloud-based services to the Federal Government that have historically only been available to the private sector. The Goal of this Document RightNow and SecureForce have spent the last year and a half working through the complexities of certifying a cloud computing infrastructure against the moderate baseline of the NIST 800-53 control framework. Throughout this process we have identified a number of security controls that were not written with a cloud computing environment in mind. In this document we provide some insight into the high-level challenges that we have faced throughout this process, along with some of our findings, to raise the visibility for other cloud computing vendors who may be thinking about providing services to the Federal Government. We’ve also positioned this document to provide cloud computing buyers lessons learned with the goal of increasing awareness of the obstacles associated with performing C&A in the cloud. .......... 2 www.rightnow.com Share This
  • 5. CLOUD COMPUTING FUNDAMENTALS In accordance with the NIST Definition of cloud computing (http://csrc.nist.gov/groups/ SNS/cloud-computing/), cloud-based services can be offered via one of three service models. Infrastructure Cloud (IaaS) Infrastructure services in the cloud. This type of cloud vendor will typically provide the processing, storage, and network infrastructure. Examples of IaaS vendors are: · Amazon EC2 and S3 · OpsSource · Rackspace Platform Cloud (PaaS) Cloud providers in this category typically provide either an application development platform, or a raw operating environment from which to house your applications. Vendors in the platform cloud could, in theory, be utilizing IaaS from another vendor underneath the covers. Examples of PaaS vendors are: · Microsoft Azure · Boomi · Google App Engine Application Cloud (SaaS) SaaS vendors are providing an actual application to their customers, typically delivered via web technologies such as Web 2.0 or smart client technology. SaaS vendors could, in theory, be utilizing both a PaaS vendor for delivery of their service and an IaaS vendor for the underlying infrastructure. Examples of SaaS vendors are: · RightNow Technologies · Concur · MessageLabs HOW WE APPROACHED C&A RightNow recognizes that meeting Federal Information Security Management Act (FISMA) compliance is a cost of doing business with the Federal Government. Furthermore, RightNow acknowledges the expectation of the government that vendors should be responsible for demonstrating FISMA compliance within their product offerings in order to establish the chain of trust as part of the implementation of the NIST Risk Management Framework (RMF). Through the partnership with SecureForce, RightNow has taken the initiative to demonstrate the required trustworthiness and address FISMA compliance head-on. Given the RightNow Government Cloud is a multi-tenant environment, we anticipated that certification boundaries would become blurry and controls would become harder to satisfy. In order to address all aspects of the cloud offering, a flexible yet comprehensive approach to addressing C&A within the cloud was required. Based upon the most common customer use cases and data types, the Federal Information Processing Standard (FIPS) 199 system categorization for the Government Cloud was determined to be moderate. To ensure consistent documentation and assessment of controls across tenants, the certification 3 www.rightnow.com Share This
  • 6. boundary was determined to include all infrastructure components as well as the baseline application. The Government Cloud C&A package is built upon the NIST RMF and includes the following artifacts: Artifact Notes System Security Plan (SSP) Consistent with NIST SP 800-18 Security Assessment Report Consistent with NIST SP 800-53A Risk Assessment Report Consistent with NIST SP 800-30 Plan of Actions and Milestones (POA&M) Maintained by RightNow For each subsequent product version the C&A package is updated and made available to new customers or to existing customers that are upgrading to that version. For those customers that have extensive customizations that extend product functionality, an addendum to the C&A package for their product version must be developed to capture any non-compliant controls and potential risks that may be introduced via the customizations. CHALLENGES WE FACED IN WORKING THROUGH OUR C&A C&A is a complex process made more difficult when applied to a multi-tenant, cloud- based offering. The three most pressing issues we faced during the C&A of the Government Cloud were: 1) Multi-tenancy: Some NIST SP 800-53 controls and NIST SP 800-53A control assessment objectives were not written to address multi-tenancy or data co-mingling. As a result, this created some difficulty when assessing common controls applicable to the entire environment. Ultimately, those controls were fully documented in the SSP then assessed against the “spirit of the law” (i.e. does the control satisfy the control assessment objective while maintaining adequate isolation between customer instances?). 2) Hybrid Control Identification and Ownership Determination: While the majority of applicable security controls are the responsibility of the outsourced provider, some controls also require decision or action by the government customer. These types of controls in which there is shared responsibility between the vendor and the government are known as known as hybrid controls. Examples of hybrid controls include incident response and contingency planning where both the government and the vendor would be required to have policies and procedures in place and the policies and procedures in use by the government may be common for all systems within their inventory. Hybrid controls and the customer-specific responsibilities for meeting control assessment objectives are identified in both the SSP and SAR. 3) Lack of System and Control Documentation: The security architecture and concept of operations of the Government Cloud was not sufficiently documented to provide the necessary context for non-RightNow personnel to fully understand the Government Cloud architecture and operations in order to determine control adequacy and robustness. Having a fully documented security architecture and concept of operations is essential to ensuring complete transparency and establishing the necessary chain of trust between the vendor and the government customer. As part of the C&A process, the security architecture and concept of operations were documented in the SSP. 4 www.rightnow.com Share This
  • 7. LESSONS LEARNED IN WORKING THROUGH THE CHALLENGES Multi-Tenancy Most cloud computing vendors in the SaaS space, including RightNow, offer a solution that is multi-tenant. Multi-tenancy presents a number of challenges, outlined above, in an environment that is to be certified and accredited. Here is a summary of the key lessons that we learned during our C&A. No context of cloud computing While multi-tenant environments are not explicitly prohibited, many of the controls in the NIST SP 800-53 framework assume a single-tenant installation. Because agencies have become familiar with these controls, many of the Information Assurance (IA) professionals and Authorizing Officials that we’ve worked with were initially very reluctant to housing their data in a multi-tenant environment. RightNow and SecureForce have been able to overcome this reluctance and provide a high degree of assurance regarding the effectiveness of control implementation by clearly outlining the security engineering decisions that RightNow made early-on to logically separate clients from one another. Throughout the C&A process, careful attention was paid to clearly detailing the technical steps taken to logically separate customers from one another in such a way that the risk of co-mingling of data on the same physical infrastructure and the likelihood of cross-organizational operational impact are minimal. System categorization must be based upon high watermark It was also recognized early-on that in a multi-tenant environment, the system as a whole would need to be certified and accredited at a FIPS 199 impact categorization that was commensurate with the highest level that any single potential client could require. This is due to the fact that a large number of the controls that are documented and audited are common controls that involve all of the underlying infrastructure components that are shared in a multi-tenant environment. Consequently, any cloud computing vendor who intends to run a multi-tenant environment would need to certify at the “high water mark”, determined by the highest feasible impact categorization of any single tenant of the infrastructure. Of course, this means that tenants that do not have an explicit requirement for a higher level impact categorization get to take advantage of the increased operational and security controls that are in place. Not only does this provide them with an extra level of assurance in their cloud computing vendor, but it allows them the flexibility to grow into system requirements that are beyond the scope of their original deployment. Consistent and repeatable processes are required Consistent and repeatable processes should be part of any mature cloud computing vendor’s operational practices. The NIST 800-53 control framework requires policies and procedures be developed for all three classes of controls—technical, operational, and management. The application of consistent and repeatable processes can be difficult and is further complicated when being applied to a multi-tenant cloud computing environment. Automation is key to cloud computing Automated and repeatable processes must be tightly integrated throughout all components of the environment to maintain the integrity and security of the cloud computing platform 5 www.rightnow.com Share This
  • 8. and to ensure quality provisioning of elastic, on demand, services. RightNow has developed a comprehensive management system which automates commonly performed tasks throughout the Government Cloud, including the infrastructure, platform, and application. RightNow achieves operational excellence, while maintaining a robust security posture, in a complex multi-tenant environment by directly controlling all aspects of the Government Cloud. Change management approval process is mandatory In any computing environment, there will inevitably be some processes which cannot be automated. Those processes which cannot be automated require thorough review and approvals to ensure that operational risk is reduced as much as possible, without losing the ability to be flexible. We have implemented a change management and tracking process that allows the operators of the environment to propose changes to the environment. These proposals are reviewed by appropriate engineering resources and approved by management multiple times per week. This level of frequency allows us to be responsive to customer demands in a constantly evolving environment. Version control is taken to a new level The ability to run multiple versions of the application (SaaS level) of the cloud computing environment is driven primarily by the mission criticality of the application use case. Having a system that allows the tenants a choice in version and upgrade schedule is one of the many unique value propositions that RightNow provides. Maintaining a large number of versions in a production environment requires robust logical separation of tenants from one another. Only through robust logical separation can the integrity of the environment be maintained despite the disparity in service functionality and patch levels between tenants. 6 www.rightnow.com Share This
  • 9. CONCLUSION Suggestions To address common concerns related to cloud computing, guidance should be developed that addresses the application of the NIST 800-53 control framework to a cloud computing environment. Particular attention should be paid to explaining the risks associated with multi-tenancy and the types of controls and countermeasures that may be put in place to effectively enforce and monitor logical separation, and their ability to mitigate the associated risks. Additionally, the guidance should address those hybrid controls that may be common across the cloud computing environment (i.e. common for all tenants) as well as those controls where the responsibility for control implementation should be shared between the vendor and the government. We are aware that NIST is presently developing guidance on cloud computing and we look forward to reviewing and providing feedback on the initial public draft. Considerations Vendors should be aware that: · Government customers are required to conduct C&A of their systems prior to operation and are required to monitor the system on a continuous basis thereafter. · Government customers expect the vendors to support the C&A process; therefore, C&A is a mandatory requirement for doing business with the government. · Government customers expect complete transparency into cloud computing offerings in order to ensure all aspects of the offering (e.g. 3rd party vendors and services) meet the necessary control requirements and do not weaken the chain of trust. · Hybrid controls exist where there may be shared responsibility between the vendor and government. · Security engineering should be tightly integrated throughout the lifecycle of cloud computing offerings so that security requirements are fully understood and a risk management program is in place to balance security against operational and functional requirements. Government customers should be aware that: · Many vendors have never dealt with C&A and are not fully educated on the requirements for complying with FISMA. Contracts should clearly identify the applicable NIST 800-53 controls and enhancements and the vendor’s responsibility to ensure they are satisfied. · NIST guidelines do not fully address cloud computing. Applicable controls must be assessed within the given context of their environment. · Hybrid controls exist where there may be shared responsibility between the vendor and government. · Mature cloud computing vendors should be able to demonstrate that security engineering principles are tightly integrated throughout the lifecycle of their offerings, that security requirements are fully understood, and a risk management program is in place to balance security against operational and functional requirements. 7 www.rightnow.com Share This
  • 10. Chain of Trust Transparency is a key factor in developing trust with cloud computing consumers. If the chain of trust has fewer links, the service will ultimately be easier to secure and control, thereby facilitating: · Auditing · Reporting · Accountability Cloud computing vendors who have direct control over all three cloud service models will have a distinct advantage for providing transparency as well as addressing the numerous controls and policies necessary to achieve compliance and accreditation. Very little finger pointing can take place in an environment where a single vendor is responsible from end to end. Summary In going through the FISMA certification and accreditation process, we found several things particularly challenging: · Multi-tenancy: clarity and guidance needs to be provided to help define and control multi-tenant environments · Hybrid controls: standards need to be updated to accommodate that some controls may be applicable across multiple layers of infrastructure, with different responsible parties at each layer · Lack of system and control documentation: this is an area that vendors just need to be prepared to address We suggest that the FISMA guidelines be updated to provide clarity in the first two issues noted above and would welcome the opportunity to provide direct feedback in these areas to those who are responsible for writing/amending the guidelines. There have been some changes made recently to NIST 800-37 (revision 1) that will make a unified standard and methodology easier to achieve over the long term. However, we feel that these changes do not yet directly address the areas that we’re suggesting above. 8 www.rightnow.com Share This
  • 11. AUTHORS Ben Nelson CISO & Director, IT Services RightNow Technologies Stefen Smith, CISSP-ISSEP Chief Technology Officer SecureForce ABOUT SECUREFORCE SecureForce is passionate about cyber security. We are comprehensive in our approach to providing end-to-end security solutions using state-of-the-art technologies supplemented with constantly evolving knowledge and expertise. Our methods are singularly focused on removing the threat of cyber exploitation. Located in Washington, DC, SecureForce has the proven credentials to assess, architect, engineer, certify, accredit, and operate the security infrastructure of the largest government agencies and corporations located in the U.S. and abroad. ABOUT RIGHTNOW RightNow (NASDAQ: RNOW) delivers the high-impact technology solutions and services organizations need to cost-efficiently deliver a consistently superior customer experience across their frontline service touchpoints. Approximately 1,900 corporations, government agencies, and institutions worldwide depend on RightNow to achieve their strategic objectives and better meet the needs of those they serve. RightNow is headquartered in Bozeman, Montana. For more information, please visit www.rightnow.com. RightNow is a registered trademark of RightNow Technologies, Inc. NASDAQ is a registered trademark of the NASDAQ Stock Market. Contact us today to find out how we can help you create the best possible customer experience for your customers. Our solutions: RightNow CX RightNow Social Experience RightNow Engage The Customer Experience Suite RightNow Web Experience RightNow Contact Center Experience RightNow CX Cloud Platform Be social with us: RightNow.com Twitter Facebook YouTube LinkedIn RightNow Blog 9 www.rightnow.com Share This