3 elements for success for the FISMA High cloud

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Nick Evans
 

Connecting state and local government leaders

By Nick Evans

|

When government agencies combine solutions from cloud providers with third-party products, they can set up monitoring and access controls to provide the same data integrity they would expect from their own systems.

As federal agencies continue to consider public or commercial cloud services as a way to cut costs and improve IT service delivery, security concerns remain a major deterrent, especially when it comes to migrating mission-critical workloads.

Recent industry studies show that a majority of organizations (51 percent) still consider their effectiveness in securing data and applications in the cloud to be “low,” with only 26 percent rating their effectiveness as “high.”

To address these concerns, agencies must ensure cloud services meet the requirements of the Federal Information Security Management Act of 2002,better known as FISMA. FISMA accreditation is based on three primary security objectives: the confidentiality, integrity and availability of systems and data.

FISMA accreditation, however, is not a one-size-fits-all proposition. There are three levels: Low, Moderate and High. The majority (roughly 65 percent) of accredited systems in the government today are FISMA Moderate. About another 15 percent are FISMA Low,  and the remaining 20 percent are FISMA High.

FISMA High systems are those of critical importance to an agency. A breach of the confidentiality, integrity and availability of such systems and data would result in a severe degradation of an agency’s ability to perform its primary mission function, a financial loss to individuals, or a loss of significant intellectual property.

However, despite recent innovations in cloud security, fears persist that a move to the public cloud requires a sacrifice of security and control over an organization’s infrastructure. As agencies continue to focus on FISMA Moderate systems in the public cloud, they appear reluctant to move FISMA High workloads due to concerns about data sensitivity, availability or overall protection.

Those concerns may have been valid in the early days of cloud computing, before service providers had the geographically-dispersed data centers and high-availability capabilities they do today. But leading service providers now offer the redundancy and resiliency suited to even the most critical data.

Furthermore, technology innovations over the last couple of years have resulted in cloud infrastructure offerings and products that further enhance the security of public cloud environments.

Today, when government agencies combine solutions from leading cloud providers with third-party, off-the-shelf products, they can implement monitoring capabilities and access controls to provide the same level of data integrity they would expect from their own internal systems.

Consequently, government agencies no longer need to fear moving their FISMA High work to the public cloud. By combining the following three key elements into their implementation, agencies can successfully migrate even their most critical systems to the public cloud. Those elements are:

A cloud service provider with a very strong security policy: The reputation of a cloud service provider is based on the security of their infrastructure. If their infrastructure is breached because of a lack of built-in security, they may find themselves out of business. For that reason, major service providers have substantially beefed up their security capabilities and now have some of the most secure IT infrastructures and facilities in the world.

Strong third-party products: Cloud providers are responsible for basic security of their infrastructures,  providing products that secure network endpoints, operating systems and the application data hosted in the cloud environment. These products can cloak network endpoints and hide them from unauthorized users while controlling who can access data.

An experienced integrator to enable cloud infrastructure: Government agencies should take advantage of the constantly evolving expertise of systems integrators who understand the implications of different levels of FISMA requirements as well as the requirements of traditional data center environments. An experienced integrator knows how to migrate government organizations to the cloud and what it takes to do that securely.

Not all cloud providers are equal. But with the correct partnerships and capabilities in place, government agencies can now more fully embrace the savings, efficiencies and security of the public cloud. The old concerns about security, resiliency and control are no longer relevant if the cloud environment is enabled for FISMA High.


NEXT STORY: Citizen developers as a force multiplier in the enterprise

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.