Jamie Dahlum
Vice President, Dept. of Navy Programs
SpinSys
Cloud-based IT systems fulfill important functions in almost every modern industry. Companies, non-profits, governments, and even educational institutions use the cloud to expand market reach, analyze performance, manage human resources and offer improved services. Naturally, effective cloud security governance is essential for any entity that wants to reap the benefits of distributed IT.
Like every IT domain, cloud computing has unique security concerns. Although the very idea of keeping data safe in the cloud has long been considered an impossible contradiction, widespread industry practices reveal numerous techniques that deliver effective cloud security. As commercial cloud providers like Amazon AWS have demonstrated by maintaining FedRAMP compliance, effective cloud security is both achievable and practical in the real world.
Charting an Impactful Security Roadmap
No IT security project can function without a solid plan. Practices that involve the cloud must vary in accordance with the domains and implementations they seek to protect.
For instance, suppose a local government agency institutes a bring-your-own-device (BYOD) policy. It may have to enact different oversight controls than it would if it simply barred its employees from accessing the organizational network using their personal smartphones, laptops and tablets. Likewise, a company that wants to make its data more accessible to authorized users by storing it in the cloud will probably need to take different steps to monitor access than it would if it maintained its own databases and physical servers.
This isn’t to say, as some have suggested, that successfully keeping the cloud safe is any less probable than maintaining security on a private LAN. Experience has shown that the efficacy of different cloud security measures depends on how well they adhere to certain proven methodologies. For cloud products and services that employ government data and assets, these best practices are defined as part of the Federal Risk and Authorization Management Program, or FedRAMP.