Government Officials Re-Enforce Cloud Security Requirements
Kagansky made his observations in response to a recent report from NASCIO and Accenture, Cloud Part II: Changing the Cloud Conversation, the second report in a series on cloud computing in state government. The report includes a survey of state technology officials, which asked them questions such as how many cloud service providers are in their state. The mean answer was 22 providers.
That answer surprised Kagansky.
“I was surprised because Georgia has over 80 providers just for Software as a Service. We have 88 SaaS providers. That’s a lot of providers, and when you start talking about security, you’ve got to know where your data is and who is handling it,” he said.
For 74 percent of NASCIO-Accenture survey respondents, security is the most important benefit of cloud computing.
Speaking to that point on the NASCIO 2023 panel, Vermont CIO Denise Reilly-Hughes noted that cloud service providers are contractually required to adhere to security specifics when doing business with the state.
“We need that baseline security environment and disclosure as to where our data is. It must sit within the United States,” she said.
Reilly-Hughes said she admired a security certification program established by the Commonwealth of Massachusetts. It requires service providers to be recertified over time, as changes occur constantly. Vermont wants to establish its own version of the cybersecurity certification for vendors, Reilly-Hughes said.