Cloud providers haven't managed to completely persuade the government IT community that they can provide the necessary controls to ensure security and prove regulatory compliance.
Cloud computing has been a hot topic among federal CIOs and their teams in recent years. In response to the Obama administration’s cloud-first initiative announced in 2011 -- which requires agencies to move some of their services (e.g., email) to the cloud and ensure security and proper management of data stored in the cloud -- federal agencies have significantly reduced the number of applications hosted in government-owned data centers.
Even as organizations worldwide move more of their sensitive information into the cloud, hackers are adapting, finding new ways to compromise cloud environments. This threat is particularly acute for government agencies, because hacking of their highly sensitive data could imperil national security as well as citizens’ trust -- something that's been borne out by headline-making breaches at the Office of Personnel Management, the National Security Agency, the U.S. Navy and other agencies in the last few years. However, the benefits of cloud computing for federal and local governments continue to push this initiative forward.
Just recently, the second annual Netwrix 2016 Cloud Security Survey probed current cloud security concerns from over 600 organizations’ and surfaced possible ways to ensure data protection in the cloud. This data was analyzed to highlight trends and shifts in perceptions of and experience with the technology. Here are some important takeaways from the report for federal and local governments:
Cloud migration fears and concerns
The survey revealed that 87 percent of government entities in the United States are afraid to move their critical assets to the cloud because of security and privacy concerns. The major barriers that keep state and local government CIOs from a broader adoption of cloud technology are concerns about unauthorized access and account hijacking (80 percent), fear of losing control over data (60 percent), and issues associated with data backup and recovery (53 percent).
In short, although cloud providers try hard to secure cloud environments, they haven't managed to completely persuade the IT community that they can provide the necessary controls to ensure security and prove regulatory compliance. In fact, 40 percent of respondents believe they would not be able to enforce all the required security policies on a cloud provider’s site. Even more organizations (80 percent) are concerned about their own user activity in the cloud, stating that employees with legitimate access to critical systems pose a bigger threat to data integrity than anyone else.
Benefits of moving to the cloud
Despite the common reservations, cloud adoption is already positively impacting IT security for government agencies that have adopted it. Almost 50 percent of government agencies said that the cloud has improved the security of their systems and data -- and no one stated that their cybersecurity worsened as a result of cloud adoption. Cloud computing offers government agencies a powerful instrument to improve risk management, deliver more timely services and significantly reduce burdens on internal IT resources. According to the survey results, the key benefit that governments have realized through cloud adoption is higher availability of systems (70 percent), which is followed by flexibility in resource utilization (50 percent) and cost savings (40 percent).
Keys to ensuring data protection
No matter what security mechanisms an organization has in place, there will always be risk of malicious activity by insiders or external hackers. No wonder that a vast majority of government agencies (93 percent) agreed that visibility into user activity in the cloud is a crucial component for security and business integrity.
Indeed, without a clear understanding of what‘s going on in their IT environments, agencies cannot keep sensitive data under control and be confident about using powerful cloud technologies. Deep visibility into security incidents combined with user behavior analytics can help IT managers meet this challenge and mitigate the risk of data leakage by validating security policies, increasing user accountability and detecting insider and outsider threats at early stages.
NEXT STORY: GSA wants to expand cloud shared services