Agencies will be living in a hybrid cloud world for the foreseeable future. That means, as they continue to move between on-premise data centers and cloud service providers, they must figure out the best ways to manage and secure their data and applications.
Rob Carey, the president of Cloudera Government Solutions, said the path to secure data in the cloud comes down to understanding your data and having a strategy, and then enabling the right people to have access to meet mission goals.
Carey said he knows that’s a lot easier said than done.
“At the end of the day, the actual rules of protecting classifications of data remain fairly unchanged for the last 20 years. But the knowledge of where is it and who has access to it have changed and have been afforded tools that actually bring about those outcomes,” Carey said on Federal News Network’s Cloud Exchange. “That change that has been happening over the last couple of years has required investment. It does require thinking about who is going to be afforded that access. We’ve talked about identity and access management for a long time, but the tools are now here to afford that access at a fine grain level, which is really important because it is all about the data stupid, as we’ve been saying for many years.”
Carey said the reason why that fine grain protection and understanding of access matters now more than ever is because protecting the perimeter is nearly impossible, especially with the explosion of connected devices, sensors and edge devices. He added the hybrid cloud approach most agencies are taking only adds to the complexity of securing systems and applications, making the data really the main high-valued asset.
“It requires modern command and control tools. How do I lay a layer of security across all those disparate environments, and then look at it through a single pane of glass with someone in the security operations center?” Carey said. “If I’ve given it the same view and I have the same confidence in protecting it and affording that access as I would if I was just looking at one of the three silos, then I’m able to manage it all more cohesively, which is really nice today. There are many tools out there, including ours, that can help do that.”
The security operations center (SOC) importance as that command and control station is becoming even more critical as agencies focus on protecting data that resides in multiple clouds.
Carey said the challenge for many agencies is the wide variety of that single pane of glass approach that has grown up over last decade.
“The SOC is all about rendering a decision from the data that’s been provided to the tools that you have,” he said. “You have to prioritize where you’re going to put your money. When I was CIO, I typically could come up with a budget that was about 35%, more than what I was going to get. I would have to justify the return on investment for my investments.”
Carey said the hybrid cloud environment also adds another layer of complexity to securing data.
“Do your tools provide you a view of the hybrid environment such that you can make decisions in the SOC in near real time? Yes or no? If the answer is yes, it’s not that big of a deal. There are tools out there that help you do that,” he said. “You also think about the best practices of zero trust architectures and least privilege things like that, that you should do anyway. This will actually minimize facets of the threat to start with. Now you’re really worried about, ‘Can I now command and control or oversee what’s going on in some disparate places?’ So I think today’s tools have caught up with the reality of the hybrid computing environment. It’s a little more complex to do that. It’s obviously easier to have it all in one place.”