Feb 01 2022

Why Protecting Federal Data in the Cloud Is More Important Than Ever

Commvault’s cloud data protection solution is the only Software as a Service so far to meet the highest level of federal cloud security controls.

More government agencies are moving data to the cloud, and the pace of that migration is picking up as well.

Indu Peddibhotla, senior director of product management for Metallic, a venture within Commvault, says there are obvious benefits of moving to the cloud, and some of the historic, inherent risks have been resolved.

In part, that stems from the formation of the Federal Risk and Authorization Management Program, an overarching framework the General Services Administration formed in 2012 to provide a standardized approach to ensure government data is protected in the public cloud. The agency established standard security authorizations for cloud service offerings that government agencies and cloud service providers can adhere to. All federal government vendors must comply with the controls to ensure data privacy and other protections.

FedRAMP provides a standardized security framework for cloud vendors like Metallic to offer cloud services to U.S. government agencies,” Peddibhotla says.

DISCOVER: Find out how Commvault solutions can keep your cloud data secure.

There are three impact levels of control: low, moderate and high.

The low level is appropriate when data that is lost or compromised would have some impact, while medium level would have severe damage. The highest level is used for the most sensitive data that would have a catastrophic effect if it was compromised.

RELATED: What are the benefits of a cloud security posture assessment?

Ensuring Protection of Critical Data in the Cloud

Metallic is the only Software as a Service data protection solution to have achieved the FedRAMP high standard, which has 421 controls for security and risk management that ensure the country’s most sensitive data is protected.

The controls prevent data loss and breaches, according to Peddibhotla. “This is data that would have catastrophic effects” if it were lost, he says. “Really, this provides peace of mind for the most sensitive customers, including those in the federal government.”

He says that Metallic, due to its roots in Commvault, is well equipped to support all data workloads. Commvault provides intelligent data services across on-premises, cloud and SaaS environments.

“Government agencies responsible for regional, state or local services are slowly following the pathways of private companies by focusing on migrating to the cloud to offer robust citizen services to customers,” according to a Commvault blog post.

EXPLORE: How to determine what does and doesn’t belong in the cloud.

Federal Cloud Security Is Evolving

A bill that passed the Senate in December, the Federal Secure Cloud Improvement and Jobs Act, would codify and update FedRAMP and is intended to help federal agencies more quickly adopt cloud services. The bill, which has been passed by the House four times, was approved in December by the Senate’s Homeland Security Committee and now moves to the full Senate for consideration.

Even as federal agencies recognize the benefits of moving to the cloud, they face challenges getting there, such as constrained resources, the threat of attacks, and operations that have traditionally been siloed.

The primary challenge, Peddibhotla says, is the sensitivity and confidentiality of the type of data government agencies keep in the cloud.

“This is paramount from this class of customer perspective,” he says.

Peddibhotla says the company is seeing its federal customers trying to get out of the silos.

“What the cloud enables them to do is to use that flexibility to remove data silos and leverage the cloud and its elasticity to remove some of those data inefficiencies,” he says.

To stay resilient and accelerate change, agencies must reshuffle their data protection strategies to remove data silos, while comprehensively safeguarding their data estate.

“That’s one of the reasons why FedRAMP was set up,” Peddibhotla says. “To streamline the process with uniform security guidelines, accelerating adoption of the cloud for businesses and agencies managing sensitive data.”

Brought to you by:

your_photo/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.