Feds Urged to Prioritize Security When Evaluating Cloud

The value of data for the Federal government is only continuing to grow as agencies implement numerous data initiatives to drive smarter decisions and deliver better outcomes – including moving to the cloud.

But one of the most significant obstacles to the adoption of cloud computing remains security concerns, Federal officials said during a GovLoop webinar on July 13.

In 2019, the Trump administration placed a significant emphasis on implementing a long-term, high-level strategy to drive cloud adoption in Federal agencies, and the imperative to adopt cloud services was further reinforced by the Biden administration’s 2021 cybersecurity executive order.

While cloud services have taken hold at many Federal agencies with the payoffs of cost savings and service improvements, security remains a top priority.

“The security objectives of an organization are a key factor for decisions about outsourcing information technology services and for decisions about transitioning organizational data, applications, and other resources to a public cloud computing environment,” said Victoria Yan Pillitteri, a supervisory computer scientist for the Computer Security Division at the National Institute of Standards and Technology (NIST).

Pillitteri highlighted that NIST has issued guidance and other reports to help agencies protect data in their cloud environments. Organizations should take a risk-based approach in analyzing available security and privacy options when deciding whether to place organizational functions into a cloud environment, she added.

“Carefully plan the security and privacy aspects of cloud computing solutions before engaging them,” Pillitteri advised. This is especially important because there is no one-size-fits-all approach to cloud security or migration, she added.

Jennifer Franks, director of Information Technology and Cybersecurity at the Government Accountability Office, explained that any strong foundation for a cloud environment or data ecosystem must include security.

Franks explained that cloud-based security strategies and practices ensure that an agency’s information is safe and secure. Some agencies, she said, are restricting unwarranted access using encryption, which ensures the security of the data stored in the cloud and offers various access controls. Agencies are also implementing data recovery and backup plans in case of any data loss, she explained.

“IT teams should design a cloud model and data model that meets all compliance and security requirements,” Franks advised. “We have noted numerous cyber recommendations related to these issues to help Federal agencies better protect their networks and benefit from cloud computing capabilities.”