Government data security is a no-brainer with the cloud

Featured eBooks
Whole-of-State Cybersecurity
The State of Trust in Government
Cybersecurity in State and Local Government
By Mark Rohrbach
 

Connecting state and local government leaders

By Mark Rohrbach

|

As agencies push protection mechanisms closer to the data, cloud solutions offer the ability to maintain the boundary while providing enhanced security at the data layer.

Already in 2019 there have been several large data breaches, each resulting in the exposure of significant volumes of sensitive information and identities. After review of the root causes, it's clear that sensitive data left unprotected on aging infrastructure allows actors with nefarious intent to gain access using both new attack techniques and older, tried-and-true methods.  A consistent theme has been impossible to ignore: Our network-centric approach to cybersecurity is not good enough. 

The bad guys are after our data for various reasons: identity theft, intellectual property theft, intelligence, exploitation and more. The threat is real and frequently proves that adversaries are capable of adroitly using advanced tactics to get what they want. Government organizations are not immune from this threat, as recent breaches of state agencies in Alaska and Oklahoma illustrate the need for a much more aggressive approach to protecting government data than merely securing the boundaries.

Cloud service providers can solve many of the government’s data security challenges. As Gartner’s Kasey Panetta made clear in an article last year, through 2020, public cloud infrastructure-as-a-service workloads will suffer at least 60 percent fewer security incidents than those in traditional data centers. Government executives recognize this and have issued a multitude of “cloud first” strategies and policies. The Department of Defense’s cloud strategy released in early February and the Federal Cloud Smart Strategy released by the Office of Management and Budget in October 2018  define cloud implementation as critical to the future of government success and warfighting superiority and articulate calls to action.   

In light of the acknowledged benefits the cloud provides, why has the government’s transition to cloud services been so slow?  In my opinion, there are several key obstacles that may be responsible for this sluggish transition.  A few of these are:

  • Antiquated infrastructure and applications. Many of the applications and infrastructure that run the business of the government are decades old. These legacy systems limit agencies' flexibility, while providing them limited data security. Transformation to modern systems with robust data security is critical, but it will be expensive.
  • Loss of control. The idea of having a private-sector organization store government data at a non-government facility hasn’t been fully accepted. Some think that CSPs are unable to adequately control the security as well as it can be done at government locations.
  • Resistance to change. Change is almost always difficult, and some believe that if we delay this transition a bit, then perhaps a better technology or imperative will come down the line. This mindset is underscored by the antiquated policies and processes that force modernization to travel a tortuous path to implementation.
  • Trust. For decades the government has not “trusted” anyone with its data.  Individual entities have not even trusted other government offices that have the responsibility of securely operating data centers.

Each of these concerns has a remedy in the cloud environment that will deliver better services to the government, specifically in the area of data security -- though there are certainly other areas of significant benefit as well.

  • Infrastructure. The cloud provides modern technology and significantly reduces the capital expenditure required to infuse the government with new capabilities. Infrastructure benefits include providing a secure development environment, secure data retention capabilities for meeting record retention requirements, secure data analytics as well as enabling continuity of operations and disaster recovery.
  • Loss of control. Technology offered by the CSPs allows the government to have its data in the cloud and retain data security control, such as encryption keys. If an agency desires, the CSP need not have the ability to read any of the data, and if the data is exposed, only cryptographically protected cypher text is released, with the government retaining the keys. Furthermore, cloud services offer agencies the ability to secure and automate the repeatable tasks and activities, thus eliminating data and processing errors that negatively impact their overall security posture.
  • Change is inevitable. Aging apps and infrastructure are failing and must be replaced. The cloud offers a secure way to house applications and their associated data and provides a transformation path that government can accelerate and control. Industry, which has similar sensitive data requirements, is adopting cloud service offerings at an ever-increasing pace. The government's emerging cloud strategies are focused on enabling and accelerating change.
  • Trust. Today, many government systems are controlled by contractors that have greater access to unsecured data than if the agency’s data were in the cloud. Robust authentication and access controls can ensure only the right people are seeing the data, even excluding administrators, therefore significantly reducing the insider threat. Encryption technologies and advanced key management can ensure that data at rest and in motion is not exposed and that the principle of least privilege is executed. Hybrid cloud models can support circumstances where the government simply cannot permit industry partners to store data. Implementing a focus on “trust but verify” as agencies migrate to the cloud will improve the nation's overall security posture.

We have been working at cloud migration for years with very few organizational transitions complete. Many, if not most, still have “plans” for cloud migrations that stretch well beyond the five years of the Defense Department's Future Years Defense Program. Both the Air Force and Defense Logistics Agency, however, have demonstrated that migration of enterprise applications and capabilities to the cloud is indeed possible and results in modern infrastructure, additional capabilities and secure data.  

The recently announced government cloud strategies recognize what the continued data breaches demonstrate: Boundary-based security does not provide adequate protection of sensitive data.  As government and industry are pushing the protection mechanisms closer to the data, cloud solutions offer the ability to maintain the boundary while providing enhanced security at the data layer. 

Financial and security benefits are pushing the government to accelerate cloud migration to protect critical data and maintain our technological advantage. It works. It’s necessary. Let’s go.   

NEXT STORY: Army gears up for net modernization

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.