Establishing Identity in a Cloud Computing Environment

Aired Wednesday, July 15th at 2:05pm

Cloud Computing is rapidly gaining currency as the critical government IT initiative for the next several years. This initiative recently received a major boost from President Barack Obama's fiscal 2010 budget request and a related White House report in May that called for a transformation of Federal IT with the widespread adoption of Cloud Computing delivery model. Proponents such as OMB CIO Vivek Kundra are advocating a partnership between government and commercial service providers to deliver applications and IT resources through Cloud Computing subscriptions for software, infrastructures and platforms.

This dynamic and new approach to networking, data storage,resource budgeting, and information management promises to reduce the escalating costs of larger and more complex computer networks through pooling resources. However, this new approach places greater emphasis on establishing the identity of those seeking entry.

Panelists will discuss how the transformation of Federal IT along with a Cloud Computing delivery model places greater emphasis on establishing identity. To that end, faced with the risk that an intruder might breach the initial logon and have access to sensitive or even classified data, what is being done to ensure that the right people access the right places? What steps are being taken to validate user credentials, to authenticate their identity at critical junctures, and to authorize access to the places where people are sanctioned to go? These issues and their impact on current identity management policies will be explored.

Panelists:
Roberta G. Stempfley- Chief Information Officer, Defense Information System Agency, DOD
Tim Grance- Program Manager of the Cyber and Network Security Program, National Institute of Standards and Technology
Doc Shankar- Engineer, IBM Federal Security
David Hunter- Chief Technology Officer, Public Sector, VMware, Inc.


Moderator: Ron Ritchey -Technologist - Cloud Computing, Booz Allen Hamilton




About the Panel:

Roberta G. Stempfley
Chief Information Officer
Defense Information Systems Agency, DOD


Roberta G. Stempfley is the Chief Information Officer, responsible for developing, maintaining, and facilitating the implementation of the Agency's information technology (IT) architecture, enabling DISA to accomplish its critical combat support missions. As CIO, she ensures that Agency IT and information assurance programs and policies are fully coordinated, integrated, and effectively implemented and are aligned with the Agency's strategy and with applicable laws and regulations.

Prior to assuming this position, she was the Deputy Chief Information Officer and Vice Director for Strategic Planning. In that role, she was responsible for supporting the Director in decision making; strategy development and communicating that strategy both internally and externally; aligning DISA program execution with Department of Defense (DoD) strategy for planning, engineering, acquiring, fielding and supporting global-net-centric solutions; operating the Global Information Grid (GIG); information assurance; and management of DISA information technology resources.

Mrs. Stempfley received a bachelor of science degree in engineering mathematics from the University of Arizona and a master of science degree in computer science with a specialization in computer security from James Madison University. In 2002, she graduated from the Federal Executive Institute and the National Security Management Course



Tim Grance
Program Manager of the Cyber and Network Security Program
National Institute of Standards and Technology


Tim Grance is a senior computer scientist in the Information Technology Laboratory at the National Institute of Standards and Technology in Gaithersburg, MD. He leads a 27-person team of researchers in the Systems and Network Security Group and is engaged in a broad research program focused on such topics as forensics, access control, identity management, vulnerability analysis, privacy protections, security metrics, protocol security, smart cards, and wireless/mobile device security. In addition, he is also the Program Manager for Cyber and Network Security (CNS) Program and exercises broad technical and programmatic oversight over the NIST CNS portfolio. This portfolio includes high profile projects such as the NIST Hash Competition, Cloud Computing, Security Content Automation Protocol (SCAP), Protocol Security (DNS, BGP, IPv6), Combinatorial Testing, and the National Vulnerability Database.

He has extensive public and private experience in accounting, law enforcement, and computer security. He has written on diverse topics including incident handling, intrusion detection, privacy, metrics, contingency planning, forensics, and identity management. He was named in 2003 to the Fed 100 by Federal Computer Week as one of the most influential people in Information Technology for the US Government. He is also is a recipient of the US Department of Commerce's highest award—a Gold Medal, from the Secretary of Commerce. He has been at NIST since 1995.




Doc Shankar
Engineer
IBM Federal Security

Doc Shankar is a Distinguished Engineer at IBM. At IBM, he has held a variety of technical and management positions. He has extensive experience in space systems, software engineering and computer security. He is currently with the IBM Federal team with particular focus on Security in Open Systems, Cyber Space and Cloud Computing.. He has a Ph.D in Computer Sciences from UC, Berkeley.








David Hunter
Chief Technology Officer, Public Sector
VMware, Inc.

David Hunter is VMware's Chief Technology Officer for Public Sector. In this role, David functions primarily as a liaison between VMware and the public sector community, evangelizing virtualization's value to improving the business of government. He also ensures that VMware considers the unique requirements of the government community as part of our product development.

Prior to his role as Public Sector CTO, David led VMware's Partner Engineering organization, where he was responsible for VMware's engineering engagements with server and storage vendors as well as VMware's hardware certification programs.

David has over 25 years of industry experience and has held senior engineering management positions at Digital Equipment Corporation, Compaq Computer Corporation and SQU Systems. He has worked on a broad range of systems and applications including runtime patching of Linux-based telecommunication devices; dynamic binary post-link optimization; performance analysis of operating systems and databases; real-time hardware design and operating systems development. David holds 3 U.S. Patents and has a B.S.E.E. in Computer Engineering from Northeastern University, a diploma in National Security and Strategic Studies from the U.S. Naval War College and is a graduate of the Joint Forces Staff Officer College. He served three years on the Secretary of the Navy's Reserve Force Policy Board and is currently a member of Northeastern University's College of Computer & Electrical Industrial Advisory Board.




Ron Ritchey
Technologist - Cloud Computing
Booz Allen Hamilton

Dr. Ritchey is a leading technologist specializing in information assurance (IA) with over 20 years experience working within the IT industry. He is an active researcher in the IA field and is widely published on network security topics including co-authoring the well regarded Inside Network Perimeter Security book. He has authored courses on computer security that have been taught across the country and is a faculty member of the SANS Institute, the Institute for Applied Network Security, and George Mason University. Dr. Ritchey holds masters and bachelors degrees in computer science from GMU and a Ph.D. in Information Technology from their School of Information Technology and Engineering. At Booz Allen, he leads a team dedicated to the development and maintenance of state-of-the-art information assurance capabilities. His focus is on the identification and elimination of the root causes of information assurance weaknesses.