Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library


Risks, Threats, and Vulnerabilities in Moving to the Cloud

  • “If you look at large organizations like the DoD, they have embraced this. They are looking to buy infrastructures as a service and even moving office automation to the cloud. For smaller organizations, though, it is something of a challenge, so we wanted to look at and give people some ideas about the challenges they will face when they do this.”
  • Watch

  • Listen

    Loading Podcast.....
  • Related

    SEI Blog Post | 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud

  • Abstract

    Organizations continue to develop new applications in or migrate existing applications to cloud-based services. The federal government recently made cloud-adoption a central tenet of its IT modernization strategy. An organization that adopts cloud technologies and/or chooses cloud service providers (CSP)s and services or applications without becoming fully informed of the risks involved exposes itself to a myriad of commercial, financial, technical, legal, and compliance risks. In this podcast, Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud.

  • Transcript

About the Speaker

  • Donald Faatz

    Donald Faatz is a security solutions engineer in the SEI’s CERT Division. Faatz’s ongoing work focuses on understanding and architecting mitigation solutions for cybersecurity risks associated with emerging and evolving technologies, such as cloud computing and the Internet of Things. Faatz’s past experience includes developing reference architectures that address cybersecurity challenges facing electric utilities. He has also researched graphical modeling techniques for cybersecurity architecture, for which he was awarded a patent.

  • Timothy Morrow

    Tim Morrow is the situational awareness technical manager in the SEI CERT Division’s Monitoring and Response Directorate. Morrow applies architecture-centric approaches to systems-of-systems to analyze and identify potential risks to improve their cybersecurity. Morrow’s past experience includes providing acquisition and technical support for the complete lifecycle of DoD and non-DoD programs.