With federal, state and local budgets under stress and demand for critical services increasing, government IT leaders are faced with daunting objectives.
Cloud computing with its flexible delivery options and pay-as-you-go consumption model is an attractive option but security continues to be a concern, especially for government agencies with a fundamental duty to protect constituent information, such as tax returns, social security numbers, financial information and personal health records, not to mention highly sensitive intelligence and defense information.
Sean McGurk, managing principal – industrial control systems cybersecurity, Verizon Enterprise Solutions, recently conducted an educational session on evidence-based risk management in the cloud titled, “Defining the Cloud for Government,” at a conference sponsored by Public Sector Partners, an organization of California government IT leaders.
During his session, McGurk outlined a series of cloud-security recommendations for government IT leaders.
- Know and protect what’s most important by employing techniques, such as data islanding or secure enclaving.
- Consider new layers of protection, such as multi-factor authentication.
- Think beyond intrusion prevention and develop plans to address post-infection detection and response, mitigation, and log monitoring to detect data exfiltration.
- Adopt a “Deny, Disrupt, Disable, Destroy” mentality when it comes to data and systems security.
- Protect supplies changes proactively.
- Maintain open dialogue with key stakeholders during a breach, including Internet service provider, suppliers, customers and employees.
Cloud-based IT infrastructure can be just as secure as traditional IT. The cloud, just as a traditional network environment, requires careful security planning, design, and operations. Good security practices are applicable and achievable in the cloud. However, areas such as the virtualization layer require specialized attention. Hardening, access control, and encryption also require focus in building a multi-layered defense cloud environment.
This infographic provides six steps to establish a secure cloud strategy using data-centric security management. Visit the Verizon Security Solutions website for more information on cloud security.
