Federal agencies are looking for a new approach to securing data in the cloud.
In an effort to become more cost-effective, efficient and data-driven, many government organizations are turning to cloud services to host all the new data collected from their citizens and operations. They want to leverage that big data to make smart, analytical decisions and adopt machine learning to better model behaviors and predict outcomes.
With all of this extra data now online, the question becomes, “how can organizations protect it?” Do government employees feel their cloud strategy is keeping their data safe? To answer this question, Cloudera commissioned a Government Business Council (GBC) poll in May 2017 on the following question:
How confident are you in the security of your organization’s cloud environment?
The poll received responses from 205 federal, state and local government leaders. Many respondents felt there was room for improvement within their organization: 27% said they are not very or not at all confident in the security of their organization’s data in the cloud, while 35% had a neutral opinion. 38% said they felt confident or very confident in their organization’s data security efforts.
In 2016, federal agencies experienced “over 30,899 cyber incidents that led to the compromise of information or system functionality.” Given this frequency and the potential damage a successful cyber attack could inflict, it is imperative that agencies adopt practices and strategies that will help ensure they keep sensitive data safe. A potential attack could mean losing the public trust agencies need in order to fulfill their mission and serve their constituents.
Within the public sector, there is no room for second chances. Choosing the right cloud service provider is the first step to ensuring confidence. Agencies need a software provider with a proven record of success to set up a system they’ll be able to understand and depend on, that will keep their data safe from unauthorized access.
Second, but no less important, is choosing a data platform which runs natively in that cloud environment and can offer complete control, security, privacy and governance of their data. With a data platform like Cloudera, agencies will be able to stay one step ahead of potential threats, while achieving their big data and machine learning aspirations. These capabilities can then be uniformly implemented across various cloud service providers and on-premises too, ensuring consistent safety measures for government data anywhere.
Nearly 20% of respondents feel that their organization’s cloud providers could be more effective in controlling security.
Federal, state and local agencies deal with a variety of sensitive data every day, including the personal data of citizens they serve. It is imperative that agencies protect this data as effectively as possible — both to drive efficiencies and to maintain a level of public trust that is critical to their mission.
To determine how well agencies are meeting this challenge, Cloudera and GBC released a flash poll in May 2017:
To what extent do you agree or disagree with the following statement: “My organization’s cloud providers offer adequate security controls.”
The poll received responses from 205 government leaders. Respondents had mixed opinions: 17% disagree or strongly disagree that their organization’s cloud providers offer adequate security controls, 41% are neutral and 42% agree or strongly agree.
With the ever-evolving nature of cyber threats, it is only natural that governments feel a sense of anxiety. “I think the major thing people are afraid of is lack of control,” said Dan Lohrmann, former chief information security officer for the state of Michigan. “There’s a sense of security when you have it under your control.” Federal agencies must take steps to gain an adequate level of control the security of their data in the cloud.
Yet the security of the cloud service provider’s environment is only part of the story. Most government organizations will want to use their data in different ways, like a data warehouse or operational database or data science notebook, each of which will be exposed to different users and lines of attack. The problem is magnified when a cloud service provider doesn’t have a universal security framework or common tools for all use cases.
The good news is that a data platform like Cloudera gives government agencies the ability to authenticate users, granularly control access by role, encrypt their data in motion and at rest and store keys separately — enabling confidence in security efforts — across all applications. This restores the control that government organizations will need to be safe and successful in their cloud analytics initiatives, no matter what cloud service provider they choose.
Organizations considering cloud need to address a variety of priorities.
Cloud technology is quickly revolutionizing the IT sector, enabling systems to be more elastic, mobile and scalable. The benefits of enabling the cloud are clear: cloud technology offers agility, advanced analytics, cost-effectiveness and efficiency. Adopting the cloud in federal agencies supports better constituent services and drives more informed decision making through data insight.
There are many roadblocks, hesitations and questions that can stand in the way of successful cloud adoption, however. In order to assess these apprehensions, Cloudera and GBC released a flash poll in May 2017:
“To the best of your knowledge, which of the following represents your organization’s primary concern regarding cloud adoption?”
The poll received responses from 133 federal, state and local government leaders. Responses indicate that security concerns are the most common obstacle, with a 32% plurality listing it as their organization’s primary misgiving regarding cloud adoption. Beyond security, 24% of respondents identify lack of in-house technical expertise, 18% cite budget constraints and 17% difficulties migrating legacy applications to the cloud. 8% said that their organization has no concerns about moving to the cloud.
Government IT programs must meet a wide range of federal, state and local security standards, while also complying with record-keeping and reporting laws. This need, combined with the other potential concerns highlighted in this survey, complicate an already challenging potential jump to the cloud. When responding to such questions, finding the right partner to guide cloud adoption is essential.
A data platform for analytics on cloud infrastructures must address all these concerns. Cloudera’s open architecture and ability to work within existing structures means customers can make the transition to the cloud more quickly and confidently, without sacrificing any of the quality they have had on-premises. This allows customers to get started on their migration to cloud services sooner, more easily learn the new systems and start new data-driven projects right away. Professional services can further aid planning and migration, and share the best practices learned by other leading organizations.
This content is made possible by our sponsor. The editorial staff of Government Executive was not involved in its preparation.