Security Challenges and Solutions for Federal Government Adoption of Cloud Computing Software as a Service (SaaS) Email Services

Share Article

Whitepaper prepared at request of Government to aid agencies in planning and adoption of cloud computing services as well as provide insights to vendors with cloud computing offerings.

SecureIT, a recognized leader in cybersecurity and risk management professional and technical services for Federal government agencies and Fortune 1000 corporations, announced the availability of a whitepaper on the challenges associated with SaaS Email services. The paper provides recommendations on best practices for meeting Federal Government security controls specified in the FedRAMP program. The sponsor of the paper was the GSA Federal Cloud Computing Initiative (FCCI) through the private-public partnership association with the American Council for Technology-Industry Advisory Council (ACT-IAC). Mr. Jim Graham, Senior Vice President of Federal Programs at SecureIT and the Chair for Cybersecurity at ACT-IAC was the co-lead of a group of security experts from cloud service providers, technology vendors, and security practitioners that contributed to the development of the paper.

The paper titled “Cloud Computing Security Considerations and Recommendations, Usage Scenario: Software as a Service Electronic Mail” identifies some of the unique security risks and challenges that need to be addressed with respect to Email Software as a Service solutions. Some of the challenges identified and discussed in the paper relate to the Federal government’s Trusted Internet Connection (TIC); Boundary Constraints and Multi-Tenancy; Identity Management and Access Control; Incident Response and Forensics; Governance, Security Authorization, and Continuous Monitoring. The paper also presents best practices and solutions which can be used to address security risks and comply with regulatory mandates. It incorporates new (draft) federal security guidance from the FedRAMP program and provides perspectives and recommendations on how government can approach and secure their respective cloud-based implementations for email.

About SecureIT
Understand the Threat. Implement Strategy. Manage Risk and Comply with Regulations.
SecureIT is a professional and technical services firm specializing in cybersecurity and risk management. Government agencies, corporations and other non-profit organizations engage SecureIT to identify and manage risks in business processes, technology and contracted services. SecureIT services and solutions span Cybersecurity, Information Assurance, Governance, Risk & Compliance, IT Audit, and Security Training. Founded in 2001, the company is comprised of experienced and certified security, privacy and IT audit professionals that sit on the boards and are active in Washington DC area chapters of information security organizations such as ISACA, ACT-IAC and ISSA. SecureIT serves Federal Civilian and Defense agencies, Fortune 1000 corporations and non-profit organizations with a special focus on security, controls and auditing of financial systems/services and regulated industries.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

David Trout
Email >
Visit website