Cloud computing or hosted solutions by a Cloud Services Provider or CSP are ever increasing across the utility industry landscape. Many utilities have been slow or reluctant to embrace these solutions due in part to the amount of unfounded FUD (Fear, Uncertainly, and Doubt) that has been surrounding software-as-a-service (SaaS) solutions.
In this episode, we will discuss cloud hosting, an overview of security and user access, and discuss some organizational considerations when implementing SaaS solutions.
*This will be the first in a series focused on this topic with each subsequent podcast taking a deeper dive into a specific area including access control, cross-server data sharing, workload use cases, and CIP compliance to name a few.
Host
Dr. Nathan Wallace, Director & Co-Founder of GridIntel and Cybirical, has BS degrees in Electrical Engineering, and Physics, a MS in Engineering, and a Ph.D. in Engineering from Louisiana Tech University with a focus in Cyberspace Engineering. Dr. Wallace has worked for multiple utilities and joined Ampirical as a Staff Engineer and Director of Cyber Operations for its sister companies GridIntel and Cybirical. He is responsible for assessing various power system cybersecurity risks. He is a member of a cybersecurity industry advisory group to FERC and is the working group chair of two new IEEE Power system cybersecurity standards.
Guest
Samara Moore, Security Assurance Senior Manager and Global Energy Specialist, leads the security and compliance program for regulated industries and public sector in the Americas region for Amazon Web Services (AWS). As a thought leader and seasoned cybersecurity practitioner, she has focused her career on implementing and sustaining programs to effectively manage cyber risks and align security measures with business and IT strategies. Prior to joining AWS, Mrs. Moore managed enterprise security programs for regulated and non-regulated environments for a major energy provider. She also managing security programs within the federal government for over 10 years, including as a former Director of Critical Infrastructure Cybersecurity for the WH National Security Council and Sr. Cybersecurity Advisor at the Energy Department. Mrs. Moore has worked in security consulting, operations and policy, and led the development of frameworks such as the Electricity Sector Cybersecurity Capability Maturity Model and supported the development of the NIST Cyber Security Framework.
Additional Information
For additional information in reference to this episode, please utilize the below links:
An Overview of the AWS Cloud Adoption Framework
The AWS CAF helps organizations understand cloud adoption, and provides structure to identify and address gaps in skills and processes. Applying the AWS CAF in your organization results in an actionable plan with defined work streams that can guide your organization’s path to cloud adoption.
AWS Well-Architected Framework
The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for you to consistently measure your architectures against best practices and identify areas for improvement. The process for reviewing an architecture is a constructive conversation about architectural decisions.
This whitepaper provides security best practices that will help you define your Information Security Management System (ISMS) and build a set of security policies and processes for your organization so you can protect your data and assets in the AWS Cloud.