Atlantic Council Warns of Cloud-Based Risks to Federal Agencies

A new report from the Atlantic Council’s Cyber Statecraft Initiative highlights compounded risk and delegated control and visibility as cloud security issues facing the government and critical infrastructure organizations.

Federal agencies encounter compounded risk when they make use of multiple cloud services simultaneously, increasing the likelihood of breaches. Meanwhile, the concept of delegated control and visibility involves government entities lacking full transparency into cloud products and being unable to directly manage their security.

Maia Hamin, associate director at the Cyber Statecraft Initiative, explained to Nextgov/FCW that such risks are growing because organizations are increasingly assigning risk management duties to cloud service providers.

Hamin noted that the risk of compounded failure is intensified by the possibility that a single service outage or compromise could affect several government organizations at once.

According to the report, some CSPs could be hesitant to disclose the internal workings of their offerings to the government, while others may lack full visibility into their own systems.

The Cyber Statecraft Initiative recommends that critical infrastructure agencies such as the departments of Homeland Security and Energy establish authorities to survey risks to their respective sectors and determine security guidelines, Nextgov/FCW reported.