This article is an excerpt from GovLoop’s recent guide, “5 Cloud Trends to Watch in Government.” Download the full guide here.
Today in the public sector, the use of cloud, as well as the security surrounding it, has evolved significantly. Five years ago, the government introduced FedRAMP. And today, agencies and vendors are working together to protect government assets in the cloud.
Despite this progress, there are still concerns about data security, and how agencies should manage risk and oversight for the mission-critical data that is stored in the cloud.
Agencies must be concerned with the security of the data traversing on-premise, hybrid and cloud environments. GovLoop sat down with Justin Robinson, Solutions Architect at ThunderCat Technology, to learn how an integrated, end-to-end cloud security environment can be applied and how ThunderCat and Symantec are helping agencies operationalize their cloud security.
“Today most agencies are challenged with mandates to move data from legacy systems into the cloud,” Robinson explained. “But there is no uniform policy approach to doing this. This means that agencies must be both innovative and informed in their approach.”
Federal IT leaders planning their cloud security strategy need to think about an operational and integrated cyberdefense approach, one that reflects the complexity of their IT operations and infrastructures, with their mix of cloud and on-premise solutions.
By investigating how data moves from one platform to the next, along with the paths in between, agencies can gain a holistic view of how their data in the cloud is being used. This includes operational cloud security solutions to govern access, protect information, defend against advanced threats and protect workloads as they move to – and from – the cloud. Agencies must understand where your data is and whom/what is accessing it in order to manage risk.
Cloud workload protection is critical to think about, Robinson said. Cloud security requires agencies to protect their workloads by deploying trusted security controls, monitoring across public and private clouds, across on-premises data centers, as well as automating compliance assessments. Doing this is made easier when working with the right vendor who has the precise tools and understanding of government needs.
“Symantec’s suite of cloud workload protection tools is one solution,” Robinson said. The suite offers a single cloud-based console that protects workloads across public and private clouds, and physical on-premises data centers.
Data loss prevention is another critical puzzle piece of cloud security, Robinson said. Information in motion is information at risk, meaning that agencies need to look at protecting data, including eliminating blind spots through data loss prevention policies. As the public sector stores more and more of their sensitive data in the cloud, it can be increasingly difficult to manage citizen information and protect it against loss and theft. What’s required is a strong approach to data layer security that can protect assets wherever they may exist. DLP functionality coupled with CASB capability can ease the burden of implementing data layer security for the cloud.
“Symantec’s Data Loss Prevention (DLP) tool answers these questions with a comprehensive approach to information protection that embraces today’s cloud- and mobile-centered realities,” said Robinson.
Risk management of data in the cloud is the final piece of the puzzle when it comes to operational cloud security. IT teams need to be able to embark on the process of identifying, assessing and controlling threats to their cloud networks. Symantec offers advanced tools that can help agencies effectively manage IT risks associated with key business processes, groups, or functions as well as communicate the impact of IT risk to mission stakeholders in a manner that drives change.
Symantec’s product portfolio combined with ThunderCat’s services deliver a powerful experience for government. ThunderCat provides an understanding of the federal landscape and an expertise in cybersecurity. They understand, support and work with public sector customers on how to properly respond to complex government mandates, how to store and secure their data to reduce operational risk.
“ThunderCat helps agencies address these issues by identifying areas to quickly improve their cybersecurity maturity,” Robinson said. “With data layer security, we can help agencies protect their data, whether it’s on-premise or in the cloud, and we can protect it in a way that meets government mandates and adheres to risk management for their federal agency.”
While the future of cloud is assured in government, agencies may be less sure about how to navigate cloud security. But by focusing on data loss prevention, data layer security and risk management, government agencies can double down on cloud security with confidence.