In May, the President signed an Executive Order aimed at enhancing cybersecurity at Federal government agencies. Of its handful of mandates, migration of computing resources to the cloud is likely to have the most sweeping Federal impact. While Federal agencies are feeling the pressure to accelerate their plans to shift to the cloud, they understand that they need to do so with minimal disruption. In a recent survey conducted by MeriTalk and Fortinet, 70 percent of Federal IT decision makers believe that the majority of Federal agencies will rely on hybrid cloud environments to power core applications over the next decade.
The number one challenge identified by Federal agencies in migrating to the cloud is expanding security measures and policies to cover cloud environments. To date, confidence is hard to find. Only 35% of Federal IT leaders believe that the security of their existing private cloud environments is excellent, and this drops to 21% for public cloud. They have similar concerns for the security of data that has to move between physical and virtual environments.
Visibility Needs to Improve
Part of the problem is that many Federal IT infrastructures already have significant security challenges. Traditionally highly complex Federal infrastructures will need to be reengineered before they can be successfully migrated to a cloud environment. As it stands now, only a third of Federal IT managers report having a high level of visibility into their existing network environments. Adding a cloud infrastructure without making significant changes is likely to reduce that visibility even further.
Agile Segmentation a Foundational Need
As a result, architectural planning, with strong and agile network segmentation, needs to be prioritized. Rushing into such a migration and trying to solve overnight all of the architectural and security issues that have evolved over decades will just lead to more problems. Federal agencies need to start by establishing a planning and action horizon, and then steadily march toward it.
Consequence-Based Engineering is a Dimension of Risk Management
This process needs to start with identifying the specific bad consequences that agencies want to avoid, and engineering as many of them as possible out of Federal hybrid networks. What are the large data sets that cannot be compromised? What services need to be available with high confidence even in stressed conditions? What co-dependencies exist that cannot be broken? Intentional design and consequence-based engineering will always address far more security challenges than the traditional approach of simply trying to bolt additional security devices onto the back of the existing network. Commercial and Federal organizations need to start by assuming that persistent actors will penetrate their networks, and formulate architectures and objectives to achieve risk mitigations via consequence-based engineering.
Automation & Integration to Address the Problems of Speed & Scale
We also need to thoughtfully apply advanced concepts from the commercial sector that implement automated cyber defense solutions tailored for hybrid cloud architectures. Developing and implementing integrated and automated cyber defenses will allow agencies to address the growing challenges they face due to increasing numbers of connected devices and related data volume. Real-time, contextual-based threat intelligence combined with an information-sharing architecture allows agencies to address the challenges and concerns of protecting critical data and systems, along with intellectual property.
Hybrid Public-Private Clouds: A Secure Interim or Permanent Solution
The good news is that some modern commercial security solutions are designed to enable a strategic migration to a cloud-centric environment. Careful planning and the implementation of security tools that can enforce security posture seamlessly across hybrid environments avoid forcing organizations to take an all-at-once or all-or-nothing approach to migrations.
In fact, there are options that not only enable agencies to keep government and citizen data safe, but can actually increase visibility and control, enable agile segmentation, and otherwise protect their systems at speed and scale, even in distributed and multi-cloud environments.
We can no longer afford to relegate security to an afterthought, or implement it as a series of isolated security platforms. Agencies that are able to establish effective security integration between their physical and virtual environments over an integrated security fabric can more effectively integrate security, SIEMs and other analytic tools to centralize management and enable automation.
It’s well within each Federal department and agency’s reach to achieve hybrid cloud environments with the sort of broad visibility and granular controls that weren’t realized with traditionally isolated security resources. Doing so will enable the dynamic sharing and correlating of threat intelligence gathered from across the distributed network, and the use of automation to make critical decisions at machine speeds. The Executive Order represents an opportunity to achieve both greater efficiencies and stronger security postures, and is a critical step forward in securing the Federal government’s critical cyber resources.