Federal Agencies Advised to Review Security Protocols Associated With Cloud Migration

Cybersecurity experts have called on federal agencies to map security responsibilities tied to their cloud migration as they shift to a telework setup.

During a webinar on cloud adoption and security hosted by Venable, Michael Duffy, the cybersecurity and infrastructure security deputy associate director at the National Institute of Standards and Technology, said the adoption of cloud services during the pandemic marks the first time that agencies simultaneously opted to migrate to the cloud.

Duffy urged agencies to continually engage with their cloud service providers during the transition, with NIST fellow Matthew Scholl adding that there is much more to cloud migration after setting it up, Nextgov reported.

Scholl, who serves as chief of the computer security division in the information technology laboratory at NIST, stressed that agencies must clarify concepts like breakpoints, hybrid parts and shared responsibilities with their providers.

Cloud adoption often comes with misunderstandings about who is responsible for certain security protocols, especially since agencies are subject to assuming common controls that they may not have control over, Scholl explained.

Agency customers are also advised to look into identity management and access controls, trust algorithms and connections, and cryptographic key management.

Scholl added that agencies should ensure that their data loss prevention settings are still in place in the cloud environment especially if they allow their workers to use their personal devices.