Cloud security

Government, Industry Officials Say Data Security Essential in Cloud Migration

Government agencies must consider security in their efforts to migrate technologies to the cloud.

Speaking at GovCIO Media & Research’s “CyberScape: Insider Threats” event on Thursday, Stacy Bostjanick, defense industrial base cyber chief at the Department of Defense, said helping companies improve their cybersecurity capabilities would give warfighters confidence that their solutions will be protected. She also noted that cloud capabilities should be secure so the military can take full advantage of the technology.

Bostjanick, who spoke at the Potomac Officers Club’s 2022 CMMC Forum, and other officials said data security is an essential part of migrating to the cloud, GovCIO reported.

Other cloud-related security aspects that need to be addressed include cloud migration security and the zero trust architecture. Joe Foster, cloud computing program manager at NASA, said the space agency adopted the National Institute of Standards and Technology’s Risk Management Framework 853 Revision 5 to improve IT architecture security while moving to the cloud.

Michael Epley, chief architect and security strategist at Red Hat, said organizations should focus on zero trust so common security controls would be consistent and cohesive across the enterprise.

Cloud security has been a hot topic across the U.S. defense enterprise over the past few years. In late February, the Pentagon’s chief information officer introduced new cloud security policies after discovering a flaw in its Microsoft Azure-hosted emails that made military data accessible to the public.

The government has also awarded Federal Risk and Authorization Management Program certifications to multiple companies for their cloud security offerings. Two of the most recent FedRAMP awards were issued for Infoblox’s BloxOne Threat Defense Federal Cloud and Orca Security’s Cloud Security Platform.

In June 2022, the Cybersecurity and Infrastructure Security Agency released the second version of the Cloud Security Technical Reference Architecture, guidance that helps government agencies use commercial cloud offerings securely.