Commercial cloud has become more common among federal agencies with the rise of big data and a greater need for efficiency. However, with big data comes big risk. This is why agencies are taking a “zero trust” approach to cloud security. As Frank Konieczny, CTO, Office of Information Dominance and CIO, Office of the Secretary, Air Force said on Wednesday during GovLoop’s Government Innovators Virtual Summit, “Getting down to it [we] need to secure the data. That is the crown jewel that we have, we have data”.
Konieczny along with Sol Cates, the Chief Security Officer at Vormetric, spoke about their experiences during the A Secure Cloud with Zero Trust training at the summit. The two experts reiterated that when it comes to cloud security, you cannot trust anyone. For the Air Force, cloud must meet their mission requirements. This does not always mean cost-effectiveness. First and foremost, data must be recoverable and responsive to rapidly changing environments.
Commercial cloud has become adjunct to the Air Force’s identity, allowing them to maximize confidentiality, integrity and availability in the data. Because the Air Force is constantly facing new barriers, prevention and recovery is essential to overcome any challenge. Current and future problems cannot be solved without recovery plans that have real time evaluations. With this mindset, there is no excuse for reoccurring mistakes.
Konieczny must constantly be on alert. He explains that the enemy is always among them. The very thing that creates such efficiency cannot be trusted. It must be assumed that data attackers are hiding in the cloud every minute. Konieczny demonstrated the benefits of virtualizing firewalls to increase movability of data. Without virtual consistently, it is hard to know what is happening.
Virtual firewalls also create another level of defense even though it is hardening the entire cloud environment with the enemy sitting right in the cloud with you. It is important to harden defenses of the cloud because in any scenario the enemy is going to get in. Overall, the data must be protected and with the enhanced movability, national security can be maintained in the cloud.
Another layer of security that the Department of Defense utilizes are multiple levels of certification. Different levels allow a hierarchy of access to information. With certifications, it is easier to identify attackers. As the next speaker says, you “can’t steal what you don’t have access to”.
Cates followed Konieczny's best practices speech with advice on securing your cloud. As more become interested in commercial cloud, the holes in the perimeter become more apparent. To combat this, Vormetric recommends what DoD has already embraced: certification to privileged data.
Hackers always find a way to get in. The common denominator is the access to confidential information. With heightened security clearances to data, hackers will be more easily identified. Just one of the ways Vormetric is reducing the risk is making sure unprivileged people are stripped of their data access.
However, with the commercial cloud, encryption is no longer a hindrance for agencies. Encryption is now viewed as an enabler of cost savings and competitive advantage. Additionally, Cates reveals Vormetric’s “Dirty Little Secret” that has aided their success for the past 30 years. To find that out, you will have to watch the whole training for yourself.
To learn more information about zero trust and cloud security, you can access this training and others from Govloop’s 4th Annual Governemnt Innovators Virtual Summit here. Be sure to check out the summits other trainings including our amazing keynote: How Government Can Deal with Big Data; Cybersecurity Trends and Strategies You Need to Know; Gone Agile: How Government Can Meet Citizens’ Rising Expectations; Making Big Data and Analytics Work fro Government in the Internet of Everything; and The Hurdle to Success: Keynote with Peter Schuck.