At the onset of the COVID-19 pandemic, many government agencies were forced to rapidly migrate to the cloud, or in many cases to more than one cloud or to hybrid-cloud infrastructures. In fact, federal government cloud spending increased from $6.9 billion in 2020 to $8.1 billion in 2021. Fast-forward more than two years, and the public sector’s cloud journey is still evolving.

And while the cloud was one part of an array of strategies that made it possible for federal workers to continue to serve the public during a pandemic, it also increased security risks amid a greater attack surface and decreased visibility.

A fragmented approach to security in a multi-cloud environment exacerbates this risk, particularly as agencies grapple with increasingly complex networks of devices and environments. Implementing a comprehensive multi-cloud security strategy by integrating best practices across clouds and strengthening coordination with cloud and security providers is key to securing clouds and scaling digital transformation.

Understanding each cloud’s architecture

Securing multi-cloud environments isn’t a one-size-fits-all solution; rather, it’s a combination of best practices. Last year, GSA released a guide to help agencies better understand multi- and hybrid-cloud architecture and landscapes. While the guide lays out several different strengths and opportunities for multi-cloud adoption, the core weakness is an increase in the attack surface due to increased complexity.

As a result, a poorly secured multi-cloud leaves critical data more vulnerable to threats. Agencies must start by cultivating a strong understanding of each cloud architecture and what sources of exposure might exist. Risk mitigation differs across cloud service providers; therefore, identifying gaps and silos through close coordination among agencies and cloud service providers is essential to inform a comprehensive cyber strategy for complex cloud environments.

Advancing zero trust architectures can help reduce risk across the board by restricting access only to those who need it and decreasing the overall threat surface. As last year’s cyber executive order underscored, a mature zero trust strategy can help agencies benefit from the efficiency and enhanced user experience of digital transformation while building the cyber resilience needed to safely scale progress.

Address limiting factors such as visibility

A recent cloud security report found that 47% of organizations noted their biggest challenge in migrating to the cloud is the loss of visibility and control. Decision-makers and IT leaders should address this challenge by integrating architectures to support multi-cloud deployments that are secure by design. A collaborative and comprehensive approach such as mesh security can help bring fragmented infrastructures under control.

Software-defined wide-area networking (SD-WAN) technology can be used to improve visibility and control by centralizing network management processes. SD-WAN can help enable multi-cloud adoption by simplifying infrastructure at the network edge, limiting congestion between multiple deployments and reducing connectivity costs. Implementing a solution with both networking and security simplifies the process even further.

Evolve security standards along with new tools

As agencies continue to migrate to complex cloud environments, federal security leaders must look beyond tactics and tools and work with industry to develop best practices to secure software supply chains across multi-cloud and hybrid-cloud environments.

Increasingly, federal cloud environments unite a constellation of private and public organizations, all of which bring a range of architectures and protocols that add complexity and broaden the attack surface. Building reciprocity of standards across government will help close gaps and eliminate blind spots among cloud and cybersecurity providers and different offices, departments and agencies.

The shift to remote and hybrid work demonstrated both the value of complex cloud environments and their potential dangers. With the right combination of technology, coordination and consistency in standards and processes, IT and security leaders across the private and public sectors can together reap the benefits of the cloud while mitigating its risks.

Steve Hoffman is the President of Fortinet Federal, which focuses on meeting public sector priorities, standards, and evolving cybersecurity mandates.
