In this edition of CyberChat, host Sean Kelley, former chief information security officer of the Environmental Protection Agency, digs into cloud offerings, sec...
Kelley was joined by Steve Grewal, former deputy chief information officer at the General Services Administration, and former CIO of the Education Department. Grewal is now the Chief Technology Officer of Cohesity and is a member of the Exabeam Advisory Board.
Grewal said there is a learning curve around the compliance frameworks when a company first enters the government ecosystem.
“Solution providers with emerging technologies that can really help the federal government struggle with how to onboard and get started from a compliance element,” Grewal said. “I would say that’s probably the biggest challenge as a solution service provider, whether you’re a product company or you want to do business in the federal space.”
Once a company makes the decision to do business with the government, Grewal said there are a variety of compliance elements and certification areas that have to be addressed. Grewal called them “investments where the ROI is a multiyear.”
Cyber hardening is a key focus.
“In the government, you have a variety of secured configurations, baseline standards or CIS benchmarks. These can be elaborate exercises to go through for a product, [so] the company has to benchmark it and harden it, and that really costs money,” Grewal said. “There is a good level of effort to this process and it’s not only a one-time process, it’s a continuous process.”
Grewal said a lot of security elements of cloud were underdeveloped when the Cloud First policy was first introduced in 2010.
“Now fast forward, here we are nearly 10 years later and we’re seeing more adoption,” Grewal said.
The adoption of cloud offerings has more to do with the fact that “we’re now in a perimeter-less world,” Grewal said. “Cybersecurity is more focused on data and software-defined perimeter whereas in the past, the focus was on protecting the physical boundaries. Now, it is protecting the logical boundaries.”
Another focus in the government is identity management and credentials.
“If you look at a lot of cyber-attacks, always the common theme is credentials. When you’re looking at your enterprise security architecture, you’re thinking about proliferation, you’re thinking about fragmentation, you’re thinking about all these sources of data transactions growing. [But], you really need solutions that can scale from a threat landscape perspective, cover all your onsite assets and your off-site assets,” Grewal said. “So, it’s scalable solutions and technologies.”
Copyright © 2024 Federal News Network. All rights reserved.