The Current Threat Landscape for Agencies
“We do need to pivot and align ourselves with some of these new and emerging technologies because they actually help to reduce the risk to the enterprise. Part of that conversation, certainly around digital transformation efforts revolves around the adoption of public cloud,”
-- MK Palmore, the director of the Office of the chief information security officer at Google Cloud
Technology and the Workforce
“When you make an investment in public cloud, we feel like we have to make a commensurate investment or one that exceeds yours, so that as we partner on this idea of reducing your risk in terms of your cloud presence. It's one that's real and it's sustainable to you,”
-- MK Palmore, the director of the Office of the chief information security officer at Google Cloud
It’s been quite a journey for agencies since the Office of Management and Budget issued the Cloud First policy more than 11 years ago.
Under the follow-on policy, called Cloud Smart, which turned three years old in June, agencies are realizing all the reasons they started this effort more than a decade ago.
Between the advancements in technology and the urgency of the pandemic, agencies are seeing how cloud adoption, specifically the public cloud, can serve as the center point for their digital transformation efforts.
From the Veterans Affairs Department’s telehealth services to the Social Security Administration’s online meetings, the cloud is providing a path to serve citizens better, faster and easier.
At the same time, however, the move to cloud, and even public cloud, expands the agency threat surface.
This is part of the reason why the Biden administration is pushing agencies toward a zero trust architecture.
Agencies need to be able to react more quickly to emerging and current threats through a continuous detection and response process. The cloud is one of the few ways that can happen.
MK Palmore, the director of the Office of the chief information security officer at Google Cloud, said agencies must strike the right balance between the need to digitally transform and the need to secure their data and applications.
“We do need to pivot and align ourselves with some of these new and emerging technologies because they actually help to reduce the risk to the enterprise. Part of that conversation, certainly around digital transformation efforts revolves around the adoption of public cloud,” Palmore said on Innovation in Government, sponsored by Carahsoft. “The lack of agility on the part of security practitioners is part and parcel the reason why globally, we have so much difficulty protecting our environment against attacks by external adversaries. The external adversary typically has access to the same emerging and capable technologies that the defenders do, and oftentimes, in fact, are better suited because they have an ability to select the best tool for the job. They have an unlimited amount of time, essentially, in order to practice, continue to target environments, and then subsequently, in many instances, gain successful access to environments and then exfiltrate information.”
Better enterprise protections
Palmore added that the cloud offers agencies more security capability and resources to protect their data and users.
“When you think about the scale, reliability and additional resources that come with cloud adoption, you begin to really formulate the challenge in new and different ways. You begin to think about how, with this ability to scale with this ability to ingest, log and maintain petabytes of data and log information, it gives you now, not necessarily an advantage, but puts you on an even playing field with potential adversaries so that you can be in a position to even engage in the fight that you’re responsible for engaging in,” he said. “I would argue or proffer that, if you’re not looking at cloud as a potential solution to solving some of those ingestion challenges, the scale challenges in terms of global visibility into the enterprise, you’re probably missing the mark on actually identifying from a visibility standpoint, what it is that you need to virtually get your hands wrapped around, and so if you can’t do that, then you can’t adequately protect the enterprise.”
Agencies are facing a tougher time protecting their enterprise as the threat surface continues to expand and as they work in a hybrid environment.
Palmore said Google Cloud adheres to the concept of “shared fate,” or a shared security model.
This concept emphasizes sharing threat information and mitigation tools based on what every organization faces from attackers.
“We have immense visibility into just the general traffic around the world. Our global infrastructure is globally based, located in hundreds of regions and zones around the world, which give us an innate capability to actually see what I like to call, based on my previous military service, over the horizon visibility,” he said. “We get to see things that are transpiring in other parts of the world. We get to see campaigns that are potentially afoot by adversaries targeting particular business verticals, or sectors, and we get to ingest that information, make changes in our own security posture.”
This means shared security helps identify real and potential threats well ahead of an attack and gives organizations the ability to improve their security capabilities in near real time.
Real, sustainable investments
Palmore said the shared fate model goes back to the long-held concept that cybersecurity is a team sport.
“When you make an investment in public cloud, we feel like we have to make a commensurate investment or one that exceeds yours, so that as we partner on this idea of reducing your risk in terms of your cloud presence. It’s one that’s real and it’s sustainable to you,” he said.
Additionally, the shared security model provides agencies with access to artificial intelligence and machine learning tools to help with the ever-growing amount of data.
“The use of security orchestration and automation response (SOAR) playbooks, in addition to, or as an adjunct to, your security operations features, we have a tool from our product that allows organizations to actually build out playbooks that create automation in terms of how to address the 1000s upon 1000s of alerts that most organizations see in the course of the day. If you can build out playbooks to help segregate and address those alerts, especially the ones that you believe historically, you are not sure what to do with,” Palmore said. “That’s a simple example of where automation can help. There should be automation involved in how an organization onboards into the cloud so that controls and security features are enabled and present when an organization creates and starts up a workload, so that they’re starting from a best point of departure in terms of operating in the cloud.”
© 2024 Federal News Network. All rights reserved.