Since 2010, the U.S. Executive Office has been encouraging agencies to leverage the cloud to improve citizen services.
Now, according to the new “Cloud Smart” strategy, a group of federal agencies are taking the lead to identify the best way to make that happen. Relying on input from industry and the broader federal IT community, OMB, DHS, GSA and others are putting together “a work plan of actions and targeted policy updates” to advance the strategy over the next 18 months.
After digesting the strategy’s initial overview, I was impressed. The government appears to have a good grasp on the shortcomings of the prior “Cloud First” initiative, and in the new Cloud Smart strategy, it has identified security as one of the top three key areas requiring “serious consideration and investment…”
Several recommendations made in the document resemble best practices used by some of the more adept commercial cloud adopters and are worth noting:
- The plan acknowledges that moving from on-premise to the cloud does not necessarily take advantage of cloud capabilities and emphasizes that agency adopters must have the right REASONS for moving to the cloud.
- To achieve the government’s desired outcomes, agency adopters must take advantage of the auto-scaling and auto-provisioning capabilities that the cloud offers.
- The government recognizes that DHS’s CDM program “must continue to evolve” and emphasizes that monitoring tools and capabilities are needed to understand cyber risks in the cloud.
Of the three key areas of focus (security, procurement and workforce), I believe that security will pose the greatest challenge to the federal government.
When it comes to tacking the security challenges, the government should consider addressing the following in the final draft of its Cloud Smart strategy:
- Can an agency’s security product handle things that are auto-provisioned and auto-scaled? This is an important (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Rod Musser. Read the original post at: https://www.tripwire.com/state-of-security/government/the-us-government-is-getting-smarter-on-cloud/