What Is Being Done to Enhance Cloud Security?
According to the survey, 91 percent of feds say securing multicloud will be a
top priority over the next two years. However, while agencies are accelerating multicloud adoption to support collaboration tools such as Microsoft Teams, security concerns abound.
Indeed, the survey found that 83 percent of respondents say their agencies are increasing multicloud adoption to support telework and mission needs related to the coronavirus pandemic. And 76 percent have begun moving critical services to the cloud to address telework-related availability issues.
Yet just 42 percent say they are trying to adapt cybersecurity strategies accordingly, but they say it’s not fast enough for the evolving cloud environment.
Few multicloud users are fully confident in their agencies’ cybersecurity postures. The main challenges to securing multicloud environments, according to the survey, include budget constraints (39 percent), difficulty meeting regulatory requirements (32 percent), the lack of a skilled workforce (32 percent), a lack of sufficient cybersecurity solutions baked in (such as APIs and identity, credential and access management solutions) and an increased attack surface (30 percent).
What is being done to secure multicloud environments? The survey suggests there’s a lot of room for improvement. About half, 51 percent, say that they are using data encryption at their agencies. But when it comes to other solutions, adoption rates start to fall off.
According to the survey, 41 percent have implemented zero-trust security principles, 39 percent have adopted FedRAMP-compliant solutions, 38 percent have established centralized controls for threat detection and 34 percent use a cloud access security broker.
Looking ahead in terms of solutions, the report recommends that cybersecurity leaders focus on agility. As clouds environments grow more complex, federal cybersecurity strategies must evolve to keep up, the report argues. “IT teams and agency leadership must meet regularly to review the state of play, confirm priorities, and adjust to ever evolving threats,” the report states.
Another step that IT leaders should take is to centralize cloud management, according to the report. “Many agencies found themselves in multi-cloud environments due to disparate cloud adoption,” the report notes. “Going forward, Feds should work toward consistency across platforms to streamline management and apply holistic cybersecurity.”
Finally, the report suggests that agency IT teams elect an “automation team captain” to be the point person for driving automation into their environments.
“Federal cyber leaders are actively working to improve multi-cloud visibility, scalability, resiliency, and control,” the report notes. “Agencies should look to automation in areas like scaling, analytics, policy, and DevSecOps to move the ball forward.”