This blog post is an excerpt from GovLoop Academy’s recent course, “How to Leverage the Power of Government Cloud.”
Government agencies are increasingly turning to cloud computing to execute mission-critical operations and provide services to citizens. In order to be successful, agencies must partner with the right cloud service provider.
Cloud technologies – whether software, platforms or infrastructure – provide elastic, on-demand computing to government agencies at lower cost and higher performance than traditional, local computing resources. Cloud can transform government operations without requiring IT administrators to rip out and replace costly legacy systems. And it can empower frontline staff to quickly create and upgrade services to connect with citizens.
Similar to many other industries, government needs the agility to respond to almost any situation. But while the private sector can easily find such flexibility in the cloud, for governments, it’s not so simple. In addition to obtaining the computing and development power of the cloud, agencies must adhere to the highest levels of security while meeting complex U.S. government compliance regulations.
To really gain the benefits of a cloud environment, agencies have to go beyond the “lift-and-shift” mentality of simply transitioning one-off services or systems to new environments. In those scenarios, organizations primarily leverage the infrastructure capabilities of the cloud to transition workloads without really enhancing them. Sure, they may see some of the efficiency gains of cloud computing, but they aren’t really getting much in terms of process improvement.
To really use cloud for strategic development, agencies have to enter a second wave of migration that focuses on using platform-as-a-service, or PaaS. By using cloud platforms, you can really focus on improving mission-critical tasks because you don’t have to worry about patching, scaling and other turnkey tasks related to middleware and operating systems. Instead, agency leaders can focus on data and applications on streamlined platforms.
Additionally, agencies have to make sure they’re choosing the right cloud service provider, or CSP.
Azure Government makes that easy by offering unique, hybrid flexibility that allows you to establish a secure, compliant network and run cloud as a platform atop your infrastructure.
Before you determine what security you need in your CSP, you’ll first want to understand what your current security capabilities are. Ask yourself:
- Do you know who is accessing your data?
- Can you grant access to your data based on risk in real time?
- Can you protect your data on devices, in the cloud and in transit?
- Can you quickly find and react to a breach?
Most likely, you’ll discover that your agency needs a trusted third party to help you answer “yes” to all of these questions because cybersecurity today is inherently complex.
To make sure you choose the right cloud vendor, start by checking that it has been vetted by regulatory bodies. Your cloud solution should, at minimum, meet government standards for security.
For instance, Azure Government adheres to the Criminal Justice Information Services Security Policy (or CJIS), has FedRAMP Moderate and High authorization, and complies with the US Federal Information Processing Standard – among others.
Microsoft also has special protections in place for defense customers, including physical isolation for Defense-only customer data. Plus, it is DoD Level 5 authorized, supports Defense Federal Acquisition Regulation Supplements (DFARS), and exceeds NIST security requirements for DoD certifications.
These regulations can really only be met if the cloud vendor builds security into every stage of cloud deployment, from creation to installation to management. That’s why Microsoft follows a Security Development Lifecycle that embeds requirements into every phase of development.
But more than having extensive security certifications, the right cloud provider will also have a strategic approach to help you address cybersecurity concerns.
Today, data lives everywhere, not just in data centers or on desktops. But how do you put a firewall everywhere? The key is to approach security differently. As your data expands, identity should become your new firewall.
Rather than tracking the billions of pieces of information swirling in and out of IT systems, agencies should monitor the users who access that data. While your data might be nearly infinite, you can define who should have access to what information and systems, when, and from where.
That’s the approach Microsoft takes to cybersecurity. Using Azure Active Directory, or Azure AD, a multi-tenant, cloud-based directory and identity management service, agencies can constantly monitor users for appropriate access.
Azure AD includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management, role-based access control, application usage monitoring, rich auditing and security monitoring and alerting. These capabilities can help secure cloud-based applications, streamline IT processes, cut costs and help meet compliance goals. With Azure AD, identity becomes the new firewall.
One of the most important capabilities of Azure AD is automated user provisioning. It allows you to automate the creation, maintenance and removal of user identities in cloud applications to ensure that only appropriate employees are using your information. That avoids the costs, inefficiencies, and human error associated with manual provisioning processes.
If an identity is compromised, your data is compromised. An identity-based approach to security ensures that any data misuse is quickly detected and remedied.
There are multiple cloud providers in the public space, but few offer the unique capabilities required by local, state and federal government agencies. Choose a CSP that provides hybrid flexibility, comprehensive compliance, superior protections and government-only services to help your agency do more with cloud.