Dawn Leaf: So, I think I’d like to add a slightly different perspective.
JIm Flyzik: Okay.
Dawn Leaf: So the security requirements for IT systems and services are the same whether they’re insourced, outsourced; whether it’s a cloud delivery model or not. So what we just heard about was the methodologies associated with the cloud delivery but what we found to be the most challenging piece is actually something that was first identified in the [00:00:29] cloud computing roadmap…
JIm Flyzik: Okay.
Dawn Leaf: And I was part of that when I worked there which is that—it’s the roles and responsibilities because you now have a service provider plus you have a broker, a third party integrator, plus you have the organization. And we have found that having a really specifically laid out chart of who’s going to do what if and when you have a security event, who is going to do what if that doesn’t turn, you know, in fact turn into a breach, what are the timelines, who has what responsibility to make sure that we can still satisfy our responsibilities for FISMA compliance because you can delegate your services. You can delegate authority which you do when you move it to a provider but you can’t abdicate your responsibility.
JIm Flyzik: Right.
Dawn Leaf: So that has been the real challenge for us.
JIm Flyzik: Yeah. I think…
[END OF AUDIO 00:01:22]
…Read more
Less…