With the government’s Shared First initiative, the emergence of the Federal Risk and Authorization Management Program (FedRAMP) and ongoing budget pressures, migrating to the cloud has moved from an ideal to reality for many government agencies.
However, along with the efficiencies and cost savings associated with cloud computing comes a number of information security risks that must be overcome.
Cyber security guidelines are continually evolving for the cloud computing environments that agencies are currently, or will soon be, operating. While the National Institute of Standards and Technology (NIST) issued its first draft Guidelines on Security and Privacy in Public Cloud Computing nearly a year ago, a widely accepted IT service management framework such as the Information Technology Infrastructure Library (ITIL v3) has yet to be updated for managing a cloud computing infrastructure.
Simply put, a standard, industry-wide set of best practices for securing the cloud is still taking shape.
When the dust settles, a multi-level cloud security model that integrates traditional access control systems with concepts such as location-based access control, data at rest encryption, data leakage prevention and data ownership ultimately should be in place to best protect government agencies’ sensitive data.
But how do we get there? Here are some ideas we believe ought to be considered:
Location-Based Access Control: Location, Location, Location
As in real estate, location matters when it comes to user data requests. Even if an authorized user has the right credentials to access sensitive data, it may be necessary to restrict access unless they are in certain geographic locations or specific controls are in place. For example, government agencies may want to restrict access from the 100 foreign countries whose intelligence agencies, according to the Department of Defense, have attempted to break into US security networks.
Location-based access control not only protects against authorized users accessing data from undesired locations; it is also an additional layer of protection against unauthorized users such as international hackers and advanced persistent threats.
Data at Rest Encryption and Leakage Protection: Lock it Away, But Keep the (Decryption) Key
Multi-tenancy features of cloud computing, where a single instance of software runs on a server but serves multiple clients, add complications to protecting sensitive data from being stolen. In addition, the lack of physical control over the cloud computing infrastructure presents opportunities for hackers to physically access the data.
To mitigate these risks, data at rest must be encrypted and data leakage prevention technology must be employed. Data leakage prevention technology inspects content as it moves across the network and enforces policies so confidential information doesn't go outside the walls of an organization. These security layers make it difficult to illegally obtain sensitive data and make that data useless to a hacker who does not have the encryption key.
Data Ownership: Rent the Cloud, Own the Data
Information security professionals use the industry-standard CIA (confidentiality, integrity and availability) principle, yet most tend to focus on the confidentiality and integrity of the data at the expense of availability. In a cloud environment, it is important that government agencies retain ownership of their data even though it is housed outside their own datacenters.
As part of a cloud security model, negotiating and awarding a contract to a cloud service provider in a way that allows the agency to retain ownership of the data is an absolute must. It can save an agency millions of dollars in the long run. During this process, technical experts should draw up a clear plan for how the agency will retrieve its data in the event of contract termination.
Government agencies should also strongly consider using a second cloud service provider for disaster recovery and continuity of operations purposes. This will allow agencies to access their data even in the event of a legal dispute or if the service provider goes out of business. At a minimum, government agencies must insist on a data replication service that is managed in-house.
How It All Works Together
In this multi-level security model, all of the components above work together to prevent unauthorized access to sensitive data. When a user sends a request for data, traditional access controls (firewall, intrusion detection system (IDS) and intrusion prevention system (IPS)) inspect the request first; it is then cleared by the location-based access control, which ensures the request is coming from an authorized geographic location.
The data is then passed to the decryption module, and the request is not accepted without a proper decryption key. Once decryption succeeds, the response carrying the requested data is inspected by the data leakage prevention system to ensure only previously authorized data is sent to the user.
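The layered flow just described, together with the location check from the Location-Based Access Control section, as a runnable Python sketch; this is an added example, not the authors' code. The geo-IP table, blocked-port rule set, SSN pattern and key are constructed assumptions, and the SHA-256 counter keystream with an HMAC tag stands in for a real authenticated cipher.

```python
import hashlib, hmac, ipaddress, os, re

# Constructed sample data standing in for a geo-IP database and an agency's policy.
GEO_TABLE = {"198.51.100.0/24": "US", "203.0.113.0/24": "ZZ"}  # ZZ: constructed restricted country
ALLOWED_COUNTRIES = {"US"}
BLOCKED_PORTS = {23, 3389}                                       # stand-in for the firewall/IPS rule set
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")                    # DLP pattern: SSN-shaped strings
KEY = hashlib.sha256(b"constructed-demo-key").digest()           # constructed decryption key

def _keystream(key, nonce, n):
    # SHA-256 counter-mode keystream: a stand-in for a real AEAD cipher, not for production use.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, nonce, ct, tag):
    # A wrong key fails the tag check, so the record is never released; compare_digest is constant-time.
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((cc for cidr, cc in GEO_TABLE.items() if addr in ipaddress.ip_network(cidr)), None)

def handle_request(src_ip, dst_port, key, record, may_see_pii=False):
    """Run one data request through the four layers; each layer denies with its own audit reason."""
    if dst_port in BLOCKED_PORTS:                              # 1. firewall / IDS / IPS
        return "denied:perimeter", None
    if country_of(src_ip) not in ALLOWED_COUNTRIES:            # 2. location-based access control
        return "denied:location", None
    plaintext = decrypt(key, *record)                          # 3. decryption module
    if plaintext is None:
        return "denied:bad-key", None
    text = plaintext.decode()
    if SSN_RE.search(text) and not may_see_pii:                # 4. data leakage prevention
        return "denied:dlp", None
    return "allowed", text

RECORD = encrypt(KEY, b"Case 42: SSN 123-45-6789")              # constructed sensitive record at rest
```

Each layer returns a distinct denial reason so the audit trail shows which control stopped a request, which is what a SOC needs to tell a mis-keyed client from a request arriving from a restricted country.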
By adopting this onion-like, multi-layered cloud security model, government agencies will be sure to make hackers and unauthorized users cry.