Suzette Kent, the U.S. Federal Chief Information Officer, just published the "Federal Cloud Computing Strategy."
The document about the Cloud Smart agenda is 17 pages long and details what she sees as the correct approach as government data continues to shift to the cloud.
Federal government cloud security details
We thought you might be interested to read the single page in the document that focuses on cloud security. Here it is:
Agencies should take a risk-based approach to securing cloud environments. As recommended by the Report to the President on Federal IT Modernization, agencies should emphasize "data-level protections and fully leverage modern virtualized technologies."
This requires that agencies place an emphasis on protections at the data layer in addition to the network and physical infrastructure layers, transitioning to a multi-layer defense strategy, otherwise known as defense-in-depth.
Critical to the success of this security strategy in the context of Cloud Smart is the assurance of confidentiality, integrity, and availability of Federal information as it traverses networks and rests within systems, regardless of whether those environments are managed locally, off-premises, by a Government entity, or by a contractor.
Additionally, it is essential that agencies perform continuous monitoring to detect malicious activity and dedicate effort to improving systems governance.
Successfully managing cloud adoption risks requires collaboration between agency leadership, mission owners, technology practitioners, and governance bodies.
Coordination between information security and privacy programs is necessary to ensure compliance with applicable privacy requirements and for the successful identification and management of risks to individuals when processing personally identifiable information (PII).
Senior Agency Officials for Privacy (SAOPs) are responsible for managing the risk that may result from the creation, collection, use, and retention of PII, and have an important role to play when making decisions about the adoption of technology and processes that concern or impact the management of PII.
Cloud Smart encourages agencies to approach security and privacy in terms of intended outcomes and capabilities. The following programs are major elements of the Federal security strategy that must evolve alongside technological progress to allow agencies to take such a holistic and outcome-driven approach.
Read the Federal Cloud Smart strategy document for yourself.
And join your security and privacy peers to discuss cloud security strategy face to face at a SecureWorld cybersecurity gathering in your region.