There’s good reason why the cloud migrations are among the top priorities for government CIOs and IT departments today. The benefits of the cloud are numerous and impossible to ignore. The cloud gives the government increased scalability and flexibility in its IT operations. It makes it faster to provision IT resources and services for application developers and other parties across the enterprise. And it also helps to make government applications and data more mobile and agile.
But, is the migration to the cloud safe? Is cloud security capable of meeting the rigorous security requirements of government and military applications and data?
Earlier this month, FireEye’s Ron Bushar, Vice President and CTO – Government Solutions, led a webinar about how to develop and implement a cloud assurance program. During the event he discussed steps and best practices to building a cloud assurance program for government agencies. With a dependable cloud assurance strategy in place, agencies can more easily tackle the daunting task of moving to the cloud safely and without blowing their already strapped budgets out of the water.
Following the webinar, the Government Technology Insider spoke with Bushar about cloud security considerations for government agencies as they migrate data and applications to the cloud. Here’s what he had to say:
GTI Editors: Getting apps and assets into the cloud has been seen by public sector organizations as a solution to so many problems from budget optimization to offering better services to citizens. Is it living up to its promise?
Bushar: The short answer is yes, if it’s being executed properly. In areas where cloud is being implemented properly and its full capabilities are being leveraged, there is so much that can be delivered in the form of citizen services.
However, as we all know, the government is very risk averse, which has led many organizations to create their own cloud environments instead of fully transitioning to a mature, fully functioning cloud infrastructure like Amazon AWS. The problem is issues like scalability, ROI, and risk reduction are all compromised when an agency is tasked with managing its own cloud infrastructure.
Looking forward, the cloud is going to be transformative to several different mission spaces (if it isn’t already) and the sooner government agencies and organizations become comfortable with leveraging proven cloud infrastructures, the sooner citizens and staff can reap the benefits.
GTI Editors: Are apps and assets more secure in the cloud than in data centers or on-premise?
Bushar: There are certainly caveats to this, but generally yes, especially when looking at safety measures taken by established cloud infrastructures. Nothing is ever 100 percent secure, of course. The biggest threat tends to be internal – when it comes to data and authentication, those are measures that are implemented by the agency itself, not the cloud provider. So, ensuring data security through comprehensive authentication, just like you would with an on-prem solution, is up to the agency.
It’s also important to note that we are in a stage of evolution for the cloud, specifically when we look at large scale IT networks. As more and more vital data moves to the cloud, an increased focus on that valuable data is imminent from adversaries and cyber threats. We are in a unique moment where we stand a chance of getting ahead of that problem. This is an opportunity for industry leaders and their users to be proactive instead of reactive and make resilience in the cloud a priority from the get-go.
GTI Editors: When should you think about a cloud security strategy?
Bushar: As soon as possible and always. It’s a common misconception that when considering the software or platforms being used, the responsibility of that data now falls on the shoulders of the vendor, but that’s not true. An organization never abdicates its responsibility to their data. Even though that data is being managed, it’s still your responsibility to always be thinking about the security aspect. You must have a contingency plan.
This is especially important for government agencies and organizations that often spend a long time transitioning between platforms and infrastructures. It’s not as simple as flipping a switch when making a drastic change like a cloud migration. That contingency plan with security at the core is the key to minimizing downtime, keeping citizens happy, and maintaining the safety of their data.