Everything we do in today’s complex IT world revolves around the need to secure the enterprise. Without having the confidence that data and information is protected, adoption will be stifled, innovation will suffer and services will not be delivered efficiently and effectively.
With increasing demand from citizens to provide modernized services, agencies are looking to technology as a means to offer relief from tight budgets and a lean workforce.
But we all know the security discussion is complex conversation that involves an intricate network of regulations and policies. At the federal level, there are countless examples of security practices that need to be followed – and many state and local municipalities have adopted similar standards.
A white paper I read from a NIST working group does a great job of breaking out the two security areas – technical and process. I’d encourage you to read the report here. Here are the eight Technical Security Controls identified in the report:
- Visibility for Consumers
- Control for Consumers
- Data Security
- Risk of Account Compromise
- Identity Credential and Access Management (ICAM) and Authorization
- Multi-tenancy Risks and Concerns
- Cloud-based Denial of Service
- Incidence Response
The visibility for consumers challenge really stood out to me as a particularly complex issue. Often there’s a mix of where data is stored; some data remains local due to security and compliance or sensitivity. Other data in the cloud might move locations overnight. We’ve heard the phrases data-at-rest and data-in-transit time and time again – and how these definitions impact the cloud and security of information.
On top of all these issues, agencies often have multiple cloud agreements. How can agencies manage their solutions, and gain awareness of solutions across the enterprise? Are there ways that agencies can leverage existing solutions?
These questions are important to answer, and they lead me to wonder: are cloud brokers the way of the future for government?
Cloud brokers present many benefits to government agencies. They serve as the intermediary between vendors and government. Due to the complexity of the cloud, one service provider may not be able to provide all the requirements that your agency may need. That’s where a cloud broker can help your agency create a customized cloud solution.
Cloud brokers manage the cloud adoption process, and integrate everything into a single location, helping you to centrally manage numerous platforms and services.
Although a standardized definition is hard to come by, the basic role of a cloud vendor may include some of the following:
- Centrally managing multiple cloud solutions, helping to reduce costs and improving efficiency of IT solutions across an agency
- Vetting a vendor to be sure that it meets the agency’s security and compliance standards
- Helping with the quick provisioning of additional services
With the cloud broker, better visibility and transparency can occur for data management. But the concept of a cloud broker is new, and there is a lot of work to understand how to leverage a broker – and if you need one.
We’re working on a cloud guide, and I’d love to chat with you if you’ve worked with a cloud broker (or if you are one). It’s something I believe is going to be increasingly important to help agencies manage their data and services. I’d be thrilled if you left a comment here, or feel free to shoot me an email (firstname.lastname@example.org), and I appreciate any time you’d have to chat.