Cloud Security
With cloud playing a key role in IT modernization, the government is stepping up efforts to make it easy for agencies to adopt secure products and services
LAUDED FOR ITS scalability and cost savings, cloud technology has become a must-have in the federal
IT arena. It is a key component of the next-generation technology that is helping agencies achieve governmentwide goals
that include enhancing citizen engagement and making operations more effective and efficient. In other words, cloud technology is at the heart of IT modernization.
Despite all the benefits, however, many government IT officials still view security challenges as an overshadowing drawback.
Traditional cybersecurity methods weren’t designed to protect data in the cloud. Perimeters and firewalls don’t apply because cloud, by definition, is not within network boundaries. Furthermore, learning to navigate a complex mix of cloud environments can be challenging enough without the added burden of special security protocols.
Concerns about security are not unfounded. This year, officials revealed
that cyberattackers affiliated with Chinese intelligence agencies had been using hacking tools developed by the National Security Agency since 2016, and that U.S. Cyber Command briefly blocked the Russia-based Internet Research Agency from accessing the internet to keep the group from interfering with
the 2018 midterm elections. In addition, as cloud enables more technological capabilities such as the internet of things and edge computing, bad actors will have even more endpoints to exploit.
Nevertheless, agencies are investing
in cloud technology. In a recent Gartner survey, 39 percent of government
CIOs said cloud was the most common technology area targeted for increased investment this year, while 43 percent tagged cybersecurity and information security for increased investment. In fact, the federal cloud services market has grown from about $1.3 billion in 2010 to an expected $6.5 billion in fiscal 2018, according to Bloomberg Government.
Minimizing cyber risk in the cloud
Government leaders have been pursuing
a number of initiatives to better secure cloud environments. Arguably the biggest is the Federal Risk and Authorization Management Program. By providing a standardized approach to cloud security and a marketplace of preapproved vendors, FedRAMP aims to simplify cloud procurement and help agencies easily adopt secure products and services.
Since its unveiling in 2011, officials
say FedRAMP has grown to cover more than 5 million assets of the world’s largest cloud providers. It has developed four security baselines to match the sensitivity of agencies’ data.
This year, FedRAMP officials are focusing on a variety of initiatives, including reducing testable security requirements
for low-risk use cases and prioritizing the security of critical systems, using machine- readable formats and languages to improve the completion and analysis of security documentation, and exploring the possibility
S-10 SPONSORED CONTENT
Kostsov/Shutterstock/FCW Staff