CLOUD SECURITY
SPONSORED CONTENT
SECURITY IN THE COMMERCIAL CLOUD: BETTER THAN EVER
As security compliance certifications have improved, agencies are more comfortable
Dmoving workloads to the cloud.
uring the past few years, defense agencies have increasingly begun to rely on commercial cloud infrastructures to store unclassified data. Part of the
isolation in virtualized layers. Today, you can have strong isolation and multi-tenancy in the compute layer by using
a hardened hypervisor purpose built for the cloud, micro- segmentation through Software Defined Networking (SDN), logical isolation of storage and encryption for data at rest.
Other important features, such as strong authentication, encryption key management services, improved infrastructure visibility and data analytics have convinced many defense agencies it’s time to gain the benefits of the commercial cloud. Amazon Web Services (AWS), for example, is connected to
the NIPRNet and other unclassified DoD networks. This lets defense agencies store, process and analyze data in ways they have not previously been able to do because of limited compute power and storage resources in their own premise data centers. The DoD can now use cloud resources to analyze the terabytes of data it collects each day in near real time to find attackers and remediate security issues.
Many defense agencies are following suit. The Air Force’s Space and Missile Center in Los Angeles, for example, turned to the commercial cloud to create test environments for the software that controls GPS satellites. “Where we needed help the most was creating test environments where we could test the software in a reliable and predictable fashion,” said Lt. General Samuel Greaves at AWS re:Invent 2016.
Without moving testing to the commercial cloud, which helps developers field enough test environments to get results, the ground software capability was in danger of being terminated,
says Greaves. “We were taking weeks to months to reconfigure between one test environment and another. The cloud capability helped us essentially buy a lot of schedule back, reduce cost and deliver capability as promised.”
COMFORT WITH THE CLOUD
The tide is clearly changing. Many believe the commercial cloud can actually be more secure than private cloud or data centers. Not only are security patches automatically applied to systems as soon as they are avail- able, but equipment and software are con- stantly being improved upon and updated.
Security compliance certifications provide confidence to defense agencies
reason for this heightened comfort level are the stringent certifications and requirements for cloud providers DoD and the federal government in general have put in place, such as FedRAMP and the Department of Defense Cloud Computing Security Requirements Guide (SRG).
Defense agencies are more comfortable using cloud providers that have achieved these high level certifications, especially when they have a successful track record managing the most business critical data of millions of customers. In fact, with the right processes and controls, there’s no reason why defense data can’t be just as secure in a commercial cloud environment.
According to a 2016 Gartner report, "The automation and programmatic infrastructure of leading IaaS providers enables enterprises to significantly improve the security protection of public cloud workloads to the extent that, if best practices are followed, they can be more secure than those in traditional data centers."*
Despite this overwhelming evidence, some are still hesitant to trust the commercial cloud with sensitive information. For example, some believe multi-tenancy—the idea that more than one organization or user share physical compute, storage or networking resources—is inherently risky.
Nearly 10 to 15 years ago, there was reason to be concerned about whether you could really have strong logical
ArtRoseStudio/Shutterstock.com