Insight by McAfee

Cyber Leaders on Cloud Security

As the list of large data breaches continues to grow, U.S. government agencies and the firms that support them are more focused than ever on control of their data. They are looking for better ways to protect their data’s integrity and availability; and make sure it remains confidential.

The National Institute for Standards and Technology has outlined a number of processes to ensure it is protected appropriately. It’s fairly simple to do it when the data is secured in on-location data centers. But for a variety of reasons, including cost and storage space, the cloud a better option.

“When you send it out to the cloud, you need to be more trusting,” said Jonathan Feibus, Chief Information Security Officer, at the Nuclear Regulatory Commission, during our panel discussion, “Innovation in Government – Cyber leaders and Cloud Security.

“You have to understand what controls are in place in the cloud, what controls do I need to have in place when I get my data from my location to the cloud; and how do I ensure that my data is appropriately protected and I can ensure that it’s managed appropriately,” considerations, Feibus said.

Some agencies have moved portions of their data to the cloud, but Andre Mendes, the Chief Information Officer for the Department of Commerce’s International Trade Administration Bureau, told the panel, the array of options offered in the cloud, make it a smart move for organizations to move all of their data to the cloud.

“The reason why the cloud environment makes so much sense is because; effectively you build a continuous number of abstraction layers that you no longer have to worry about. Even within the cloud there are various ways you can implement the cloud, and some of them are even more advantageous than others.”

Also discussed were key considerations to include in an overall cyber security strategy. They included mitigation of the insider threat, the need to change the behavior of personnel who are potential risks and the need to improve agency-wide cyber hygiene.

Those elements are especially important, according to Ned Miller, Public Sector Business Unit Sales Executive for MVISION Cloud at McAfee, because in the future, the workplace will be everyplace, using a variety of devices.

“The work force of the future will be accustomed to working anywhere anytime any place. As a result the form factor of those devices will substantially change and be much more portable with plug and play. And for those of us that are accustomed to keyboards, we’ll have keyboards that plug into the smaller footprint devices.”

The ultimate objective is to eliminate the need to work on multiple devices. Using the cloud, the data is all in one place and easier to access, and easier to share.

Best Practices and Tools for Cloud Security

You have to start looking for the quick wins -the things that are already public facing, the things that have less of an impact on the overall agency security posture. Then you have the bigger wins, which require a lot more movement like the commodity processes -things like email, productivity suites, the bulk data that's going to be out there that you can't really say all of this is going to be very low risk or very high risk. It fall somewhere in the middle. You just have to pull the band aid off and start moving things.

The Role of People in Security

If you use infrastructure as a service you’re going to find yourself still having to patch servers, to manage servers and do all those things that go on, except the servers are now in the cloud… The other fashion in which we are leveraging the cloud is software as a service; which to me is immensely more powerful right. Then you totally and completely abstract everything else that is happening except the application itself, which is where you're going to derive the as the value for your agency.

The Move to a Mobile Workforce

A movement that's been under way for quite some time from McAfee's perspective as an example we talk about security from a device to cloud strategy and our customers have to think about their overall cyber security strategy in that vein where the device can be anything.

Listen to the full show: 

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.