The evolution of
cloud security
The increasingly robust security of cloud systems helps agencies deliver faster, better customer services
WHEN THE FEDERAL
Cloud Computing Initiative
started a decade ago, many people said they wouldn’t move to the cloud
because they didn’t think the technology was secure. But early adopters believed in the promise of the cloud, forcing industry standards to come together
in the government’s Federal Risk and Authorization Management Program. FedRAMP sets the standards and
processes for how cloud computing is secured in the federal government. It
was built on the same set of laws and requirements — the Federal Information Security Management Act and the National Institute of Standards and Technology’s Risk Management Framework — that agencies were using for traditional on-premises IT systems. Using the same framework allows agencies to compare cloud security to the security of their current systems. And FedRAMP continues to evolve to be more agile and responsive to industry trends while also maintaining a high bar for security.
The result: Agencies have begun to realize that the cloud is not only as secure as their on-premises systems, but also tends to provide better security. Here’s why:
• Security is no longer seen as a roadblock at the end of a development cycle but instead is being incorporated into the process from the beginning so that when agencies launch new applications, they have the right security built in.
• The new level of trust in cloud deployments allows agencies to develop and release applications more quickly so that they can be more responsive to constituents’ and employees’ needs.
Matt Goodrich
Principal Solutions Engineer, Salesforce
Learn more at Carah.io/Cloud-Security
“Agencies have begun to realize that the cloud is not only as secure as their on-premises systems, but also tends to provide better security.”
Looking ahead
While working at the General Services Administration and the Office of Management and Budget, I had the privileged opportunity to shape how the government acquires and secures cloud computing.
From working on the Cloud First Policy
and launching FedRAMP eight years ago to collaborating on recent White House policies such as the IT Modernization Report to the President and Trusted Internet Connections 3.0 updates, I had my hand in most, if not all, of the cloud computing policies of the past 10 years.
Cloud security will continue to evolve, and it will likely look very different in the coming years. Ultimately, security is not about protecting a system, it is about protecting data. Automation, machine learning and artificial intelligence are fueling the creation of data at speeds we’ve never experienced before. That’s why industry leaders like Salesforce are already exploring new ways of thinking about data and how it can be secured. Innovative ideas for protecting data, such as the zero trust model, are popping up all the time.
Matt Goodrich is the Principal Solutions Engineer at Salesforce.
davooda/Shutterstock/FCW Staff
SPONSORED CONTENT 9