While some people still fear the cloud, most government IT leaders recognize that migration is inevitable.
But before states and localities shift the bulk of their software and infrastructure to the cloud, they’ll need to quell concerns about security and privacy.
The cloud and security dominate the mindset of public sector CIOs: A NASCIO survey ranks cloud services as the second-highest priority for 2018. That’s behind only general security and risk management, now the leader for five years running. Of course, the cloud category itself as defined on the report encompasses both security and privacy.
In addition to supporting a cloud-first mantra, government CIOs plan to move on-premises applications to the cloud. More than 80 percent of CIOs have already migrated legacy applications or intend to do so, according to The 2017 State CIO Survey by NASCIO. Such talk makes some nervous because they harbor a misconception about the cloud being less secure, but that’s generally rooted in fear and is just not the reality.
The security of modern cloud environments is stronger than ever, and often exceeds what governments are capable of providing on their own.
Reasons to Believe Cloud Security Is Strong
While nearly half of respondents (44 percent) cited technology changes such as mobile access, cloud migration and Big Data analytics as the greatest operational challenge in determining risk management decisions within CDW’s new Cybersecurity Insight report, all of that new technology doesn’t mean less security. There are ample reasons why the cloud offers more robust cybersecurity than many public sector IT departments have in-house.
For one, many states and localities struggle to attract and retain skilled IT security staff. The more remote the capital, county seat or town, the greater the challenge. Cloud providers can devote more resources and expertise to securing sensitive data than most individual organizations. In addition to access to talent, providers are better scaled to maintain audits, threat mitigation, and frequent patching and updates on their clients’ behalf.
The cloud offers another security benefit by restricting physical access. When data is housed offsite, it’s more difficult for people to access. Leading providers rely on physical controls such as concrete barriers, fences topped with barbed wire, security guards and an array of surveillance cameras. Finally, there’s affordability. Cloud technology’s subscription-based model provides the public sector with access to advanced, cutting-edge security capabilities at a lower price point than they could achieve on their own.
Public Sector Cloud Challenges to Consider
Despite the security advantages, experts agree the cloud indisputably changes the security landscape. IT leaders should be well acquainted with the challenges.
Employees often prove to be the main threat to cloud security. That’s with good reason: A successful attack requires either knowledge about vulnerabilities or just a negligent or unaware insider. Other key concerns include worries about unauthorized access, malware infiltration and an inability to monitor user activity in the cloud.
As IT teams make the case for cloud migration, they need to understand the responsibilities of providers and customers, and IT’s role in correctly implementing security controls to protect agency data. Because providers offer a wide variety of security controls, the onus is on customers to decide which to use, and to what degree. Know where enterprise data resides, and control access to that information.
Make the case for increasing the cybersecurity investment, get buy-in from senior leadership and involve them in setting strategy. Focus intensely on countering inside threats from careless or unsuspecting staff. With careful preparation, IT departments can begin to reap the benefits of moving to the cloud while minimizing the risk. That’s a win for everyone.