An update on government cybersecurity in the cloud
Jul 23, 2015
Cybersecurity continues to be an issue for government organizations. A survey conducted by the International Information System Security Certification Consortium found that federal information security experts have a poor view of the government's cybersecurity in general, with almost 50 percent of respondents saying the government is seeing no return on recent security investments. Recent attacks against organizations have spurred more conversations about the effectiveness of government cybersecurity measures.
How does the cloud factor in to this discussion? Many view cloud computing as less secure than traditional on-premises IT infrastructure. However, the cloud offers a way for government agencies to strengthen their security protocols and better manage their processes and data. According to InformationWeek contributor Andrew Froehlich, the data generated and then stored in the cloud can offer agencies the intelligence necessary to detect, track and stop security threats more efficiently.
DoD requirements for cloud infrastructure
Federal government agencies have started to move to more data to the cloud. The Department of Defense instituted more stringent cloud security requirements in January 2015 in response to a switch to commercial cloud providers, according to Federal Times contributor Aaron Boyd. There are six classes of certification requirements. Levels 1 and 2 denote data that can exist in a public cloud; levels 3 and 4 will live in a virtual private network and require secure login information; and levels 5 and 6 will be given to national security systems not connected to a cloud environment.
The government organization asked for input from citizens and information security experts alike with an online draft of the document. It received over 800 comments, demonstrating that people still view government cloud cybersecurity to be an important issue.
"This is an opportunity to get the agility, economic and technical advantages from commercial cloud and do that without putting the department at risk by leveraging the virtual separation capabilities that commercial cloud providers have, up to a level of sensitivity," Mark Orndorff, mission assurance executive and designated accrediting authority for the Defense Information Systems Agency, said during a panel in January, as reported by Boyd.
Bringing it all together
The new DoD requirements are a precaution the federal government is putting in place due to continued adoption of commercial, public cloud environments, but it just serves to highlight the importance and effectiveness of government cloud computing. The cloud can offer agencies at local, state and federal levels greater protection against data thieves, and organizations are beginning to adopt at greater rates.