Decisions on cloud 'all about the data,' USPS security officer says

For the U.S. Postal Service, moving applications to the cloud is determined by the data more than anything else, the agency’s chief information security officer told a Washington audience.

“One thing about data: Make sure you understand what is important to you,” said Chuck McGann, the agency's CISO, during a discussion May 2 at FedScoop’s Cloud Shoot-Out and CyberSecurity Summit, held at the Newseum in Washington, D.C.

Agencies should only deal with what they can tolerate as a risk within cloud environments, he said, noting that USPS has data in public and private clouds. 

Related stories:

Moving storage to the cloud? Don’t forget about security.

How cloud can improve intell community’s analysis

“Think about what you can risk going into the cloud,” McGann said.

The Postal Service has put ZIP code information in the public cloud, giving citizens the ability to look them up.  There was no point in USPS storing that information, he said.

However, there should be alternative paths to cloud data if there is a disruption in cloud-based services.  For example, the Postal Service has other ways for citizens to get the ZIP code information besides the cloud.

When moving to the cloud, agency managers should establish who is responsible for breaches and exposure. They should establish what kinds of controls exist for the data, such as whether the cloud provider’s environment can be audited. Another aspect to keep in mind is the recovery of encryption keys. Who holds the encryption recovery keys, especially if an agency wants to switch cloud providers?

Before moving data to the cloud, USPS goes thorough a data discovery process to find which data is being used and who owns it. During this process, USPS has discovered data that no longer has owners because people have moved on to different jobs. Now, if data does not have an owner, it is gone, he said.

USPS has all kinds of technology that can make data accessible to employees and citizens. “But it is all about the data,” McGann said. USPS has 330,000 users, so access control is imperative, he added.

“We have to change the culture of people who use and own data,” in the cloud paradigm, controlling access to only the data they need, McGann said.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected