Don Adams

Don Adams is Vice President, Chief Security Officer and Chief Technology Officer - Government at TIBCO. In this position, he provides expertise in security, government strategy and emerging technologies related to the TIBCO family of software solutions and service offerings. Prior to TIBCO, Don was the Chief Technology Officer of TriStrata Inc., where he helped set the overall security philosophy, design and systems architecture for the revolutionary TriStrata Secure Information Management System. Before TriStrata, Don spent six years at Sun Microsystems as Principal Architect, Security and Networks, where he led programs generating over $4.5 billion for Sun. He also spent a highly decorated 23-year career in the United States Air Force. Don holds a bachelor's degree in computer technology from Chaminade University in Honolulu and a master's degree in business from Central Michigan University. Don was a contributing author of the McGraw Hill Homeland Security Handbook and of its second edition, coming out this year.


Can You Trust Your Current Operating System to Protect You?

Software, including operating systems, increases your level of assurance in the environment and can mitigate – if not remediate – most of the exposure from the personnel and physical environment your cloud is operated within.

On top of trustworthy (or sometimes untrustworthy) hardware, a multi-tenancy cloud center should use trusted operating systems like SELinux or Solaris 11 with trusted features to mitigate and isolate the information from unintended blending or internal exfiltration between competing organizations and trusted internal administrators (who may likely, as was the case in WikiLeaks, be the largest threat). The government, academia, and software vendors spent far more money than you would ever want to know building, testing, and certifying trusted operating systems, only to see them marginalized in use because of perceived complexity and a shortage of trained staff to properly implement and configure them.

Why a trusted Operating System?

Your operating systems have access to every bit that is executed on or against them and in their memory space.

Living in the Cloud: Cool vs. Critical

The critical elements you need to fully understand before living in the cloud are the physical attributes of the cloud center: staffing, patrols, power, law enforcement and fire or other disaster access, location and method of secure backup, and recovery. This is all in addition to the nature of the hardware itself. You wouldn’t live in a house without understanding the physical security aspects, and you certainly should not place your sensitive information and processing somewhere with any less care.

At a major communications hub in South Korea, we conducted a security and resilience audit for critical secure voice systems. We tested security and access controls, interviewed security forces on response procedures, and exercised reconstitution plans. We checked all supporting systems, microwave radios, and antenna towers. We determined that the simple loss of one tower would destroy not just primary, but also backup communications into and out of the entire country. The moral of this story is that you cannot overlook even the simplest physical security and continuity element of your system.

Nothing New in Cloud Security

Many in the business and academic communities have been up in arms that security risks are too high in cloud implementations, and therefore the status quo is better for sensitive government and commercial environments. Many of those same individuals and organizations are pursuing research grants to come up with new and revolutionary ways to meet this “menacing challenge.” Others joining the chorus have significant investment and long-term contracts to exploit and continue to profit from the status quo. In reality, the issues – when viewed clearly – are the same for a cloud-hosted environment or any well-managed bespoke data center. Let’s delve into the fundamentals that we have known for decades to address the security questions about cloud deployments; they are the fundamental technical solutions we often ignore or forget in our rush to pursue the “latest and greatest.”

Let’s begin by asking: “What do you know about your cloud provider?” What certifications, evaluations and practices define them? From Amazon Web Services (which has nearly every certification from PCI and FIPS and FISMA to FedRAMP) to your favorite legacy systems integrator (who has some subset of the measures of trustworthiness), you need to know why they are adequate and appropriate to your information and mission. While the mentioned certifications are mostly for targeted environments, they are very significant to how much you as an end-customer can trust their environment and processes.