The move to remote work increases agency exposure to adversarial risk. Governments of all sizes are handling massive amounts of data, whether that’s constituents’ personally identifiable information (PII) or data pertaining to national security.
It is imperative for agencies to implement ways to mitigate cybercrime as more of their employees work remotely.
Below are best practices for protecting the privacy and security of data stored in the cloud:
Deploy a Uniform Risk Management Approach to Cloud
Agencies should partner with vendors that are Federal Risk and Authorization Management Program (FedRAMP)-authorized.
To provide cloud services to agencies, vendors must meet FedRAMP requirements. FedRAMP is a governmentwide program that provides a standardized approach for assessing the security of cloud products and services, authorizing them for government use and continuously monitoring the long-term security of those cloud solutions.
Check Defense Department (DoD) Cloud Computing Security Requirements
DoD uses Impact Levels, based on the type of data to be processed, to assess a cloud provider’s offering, and issues similar authorizations as FedRAMP.
Understand That Security in the Cloud Is a Shared Responsibility
For both FedRAMP and DoD Impact Levels, cloud security is a shared responsibility between the mission owner and cloud vendor.
Agencies must ensure clear and reasonable roles and responsibilities for security, scan for application vulnerabilities, review monthly continuous monitoring reports, and annually assess cloud service providers security practices and documentation
Migrate As Vendors Increase Their FedRAMP and DoD Security Authorizations
When vendors discontinue lower levels of security for higher-level controls, agencies must move to better protect digital assets.
To explore these points in more detail and learn how deploying a uniform risk management approach to cloud can better help your agency secure its data, access ServiceNow’s infographic “Securing Government Data in the Cloud” here.
Images credit: ServiceNow