Government agencies house countless bytes of critical data that are relevant to both the lives of citizens and issues of national security. Agencies rely on that data to carry out their missions, and are fully responsible for protecting the data.
While cybersecurity policy in the public sector previously relied on a siloed design, agencies are increasingly turning to cloud services to strengthen their security measures. In an October 2015 webcast, U.S. CIO Tony Scott encouraged IT leaders to embrace the cloud for its superior security features. “The better bet is get to the cloud as quick as you can, because you’re guaranteed almost to have better security there than you will in any private thing you can do,” Scott said.
Cloud infrastructure, with its collective features, provides multilayer protection against security breaches, data loss and downtime in public sector organizations. And news is catching on about its benefits. In a 2015 PricewaterhouseCooper survey of cloud computing, 56 percent of public sector respondents said they now employ cloud-enabled cybersecurity services.
The National Renewable Energy Laboratory (NREL) of the U.S. Dept. of Energy adopted cloud technology from Amazon Web Services (AWS) to build a secure, collaborative platform to collect, curate, store and share moderately sensitive data. “Security is paramount for us. The Department of Energy signed off on this cloud environment because they were comfortable with our security protocols,” said Chris Webber, senior cloud engineer at NREL.
“Using AWS, we worry less and spend less time and money on infrastructure. As a result, we can focus more of our attention on content and data quality and on making sure our renewable energy data is discoverable by researchers around the world,” Webber said.
Government agencies and other public sector organizations are indeed targets, as they hold a tremendous amount of sensitive information. Gartner, Inc. predicts that by 2020, 30 percent of global enterprises will have been directly compromised by cyber criminals. Therefore, security is a top priority. With this in mind, cloud technologies give agencies the agility and efficiency to roll out new programs and expand their security infrastructure on an architectural level.
“The biggest security advantage to using the cloud is ability to utilize outsourced security,” said Doug Jacobson, an electrical and computer engineering professor and director of the Information Assurance Center at Iowa State University. “Many smaller organizations find it difficult to set up and manage security for their local infrastructure. With cloud-based services, you can use security features provided by the cloud provider, at a much lower cost due to the economy of scale provided by sharing resources.”
The AWS Cloud infrastructure is one of the most flexible and secure environments available today. It’s being used by multiple agencies—such as NASA, the Food and Drug Administration, Healthcare.gov of the Centers for Medicare and Medicaid Services and the National Geospatial-Intelligence Agency—as well as by numerous universities, companies and nonprofits. With its strong safeguards for privacy and network access segregation, the AWS Cloud is designed to satisfy the requirements of the most security-sensitive public agencies. It is protected by extensive network and security monitoring, and its components are continuously scanned and tested.
Secure cloud platforms are inherently flexible, agile and elastic from both a performance and scalability perspective—attributes that adapt well to cybersecurity practices. In the event of an attack, the cloud-based model enables agencies to manage and protect their assets almost instantaneously.
Jon Booth, director of the Website and New Media Group at the Centers for Medicare and Medicaid Services, explained that the high volume of visitors to Healthcare.gov created a need for strong security protections from AWS. “It’s a very high-visibility website, it’s a target, so we wanted to make sure we had a great security posture.”