Moving the government’s mission-critical compute resources to commercial clouds is like commercial rocketry. It may be getting more common but it’s not getting any easier. For agencies, the cloud imperative and the cloud challenge continue to roll forward.

In particular, cybersecurity is a moving target when it comes to cloud deployments. If security on an agency’s own networks and in its data centers isn’t adequate, it’s unlikely top-notch security will occur in the cloud. Therefore, to have high assurance of successful cloud implementations, agencies must constantly re-evaluate their security foundations. Quickly emerging are strategies for standards and interoperable tools that work across environments, on premise and in clouds, to ultimately ensure secure access and protection of data regardless of where the user or the data resides.

Current State of Cloud Adoption and Security

This year has been about moving us toward a [software-as-a-service] direction. How can we deliver services much more quickly to our men and women out on the front lines, getting the data to them? That’s the way we’re going to be able to do that. That gets us to some of the same challenges we had in the on-premises: we need visibility into all of those clouds. My goal is to have a standard approach to security as we approach each different environment.

Paul Morris

Chief Information Security Officer & Executive Director, Information Assurance and Cybersecurity, Transportation Security Administration

Containerization

I’m protecting three and a half million users, six million machines, terabytes upon terabytes of data coming in and out of the department every day. I’m pushing for open standards and communications across vendors so I can be tool agnostic. [The security requirement] could be hosted in one of my data centers, it could be a machine owned and operated by a local command, or it might be hosted within a cloud environment. So I really need a toolkit that will interoperate across a suite of systems.”

COL Brian Lyttle

Program Executive Officer of Cyber Development Directorate, Defense Information Systems Agency

Identity Management

Today’s networks have become borderless. Access management and identity management becomes the supreme strategy. You need to protect the data wherever it is – in your own data center or in the cloud. So the strategies of micro segmentation, macro segmentation, done with great agility is the first and foremost security strategy we need to embrace. And by the way, do that without overwhelming people with complexity.

Philip Quade

Chief Information Security Officer, Fortinet

Listen to the full show:

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.