For many agencies, cloud computing is a vital component of their IT strategy because it provides the flexibility and scalability government needs to meet modern technology demands. But while there are significant benefits of the cloud, agencies must be careful not to sacrifice security during cloud migration.
To learn how organizations leverage the flexibility of cloud without decreasing their security posture, GovLoop sat down with Felipe Fernandez, Director of Systems Engineering at Fortinet Federal. Fortinet Federal provides solutions and services to help agencies build robust cybersecurity.
“The one thing agencies need to realize is that the cloud, in terms of how it’s architected, is very different from their legacy networks,” Fernandez said. “They have to educate themselves and adapt to the new architecture on which their applications will be deployed and defended.”
He explained that operating in the cloud inherently means working with an abstracted layer of equipment and understanding that applications are running on potentially shared hardware resources. Additionally, depending on the cloud configuration and licensing agreement, agency users may have more or less control over how shared resources and data are accessed.
Those unique aspects of cloud must be considered as agencies update their cybersecurity approaches, processes, and tools. For instance, service contracts must be created to strictly outline ownership of data and systems, both during migration and at system end-of-life. Additionally, cloud providers must be scrutinized to ensure they consistently maintain resilient technologies that safeguard every component of the cloud.
Finally, IT teams within agencies have to ensure that systems connected to or relying on the cloud are orchestrated to endure breaches or failures. For instance, if a cloud service is hit by a severe denial of service (DoS) attack, administrators should be able to quickly redeploy affected applications in another environment to maintain both performance and security.
Often, it will take multiple solutions provided by different vendors to create holistic cybersecurity during cloud migration and maintenance. To navigate those disparate technologies and processes, Fernandez recommended seeking help.
“There are two factors to weigh equally in your strategy. The first is having a trusted, experienced migration partner that has achieved a certified status with a cloud provider,” he said. Migration partners take the burden off of agency IT staff by coordinating and integrating all necessary technologies to ensure cybersecurity is upheld during a cloud migration. Rather than working with multiple vendors to procure separate solutions, agencies can work with this single partner to form a holistic approach to security.
Moreover, migration partners who have certified status with individual cloud providers are in a better position to determine which solutions will best support unique environments. For instance, Fortinet Federal has experience working with Microsoft’s Azure for Government, Amazon Web Services, as well as other common government cloud services.
“Then, it’s important to use available government checklists and mandates as factors to calculate whether or not you’ve securely deployed your applications in the cloud,” Fernandez continued.
As more agencies embrace cloud, the federal government has created a number of security aids, as well as standards and regulations, to safeguard those transitions. This both helps and complicate many cloud journeys. On a positive note, when agencies meet these standards they can rest assured that their cloud environments are secure. Regulations like FedRAMP clearly outline what security in the cloud should look like.
However, it can be cumbersome for agencies to navigate the ever-growing and changing list of regulations. Again, a trusted migration partner can be helpful here. Because they have experience with government compliance standards, partners like Fortinet Federal can efficiently identify certified solutions that will meet an organization’s regulatory needs.
Finally, Fernandez pointed out that by enlisting a third-party migration partner, agencies can actually decrease their overall costs. Agencies will have to dedicate fewer IT staff and labor hours to cloud migrations or management, and they don’t have to worry about unexpected failures that would take additional resources down the road. At the same time, these partners can leverage their long-standing relationships with cybersecurity and cloud vendors to ensure the appropriate solutions are acquired at the lowest price point.
Migration partners not only help agencies leverage the cloud; they also ensure they get the most out of their investment. “Our top priority at Fortinet Federal is ensuring that cloud migrations aren’t causing a lack of performance or a degradation of security,” Fernandez concluded. For government to move forward with cloud, cybersecurity must remain a top priority and that can only be achieved through effective partnership with trusted providers.
This interview is an excerpt from GovLoop’s recent guide, How to Play Your Role in Cybersecurity. To read the entire guide and learn more, click here.