Cloud security is key to cybersecurity resilience in state and local governments
The evolution of cloud technologies and the magnitude of what they are enabling in state and local government is immeasurable—from enabling first responders in the field, vaccine distribution and tracking, to remote learning and working. In fact, cloud technologies largely enabled government operations when the COVID pandemic hit.
As the old saying goes, along with great power will always be those seeking to exploit it. Cyberattacks are far from a new phenomenon, but cybercriminals are becoming more sophisticated and evolving attacks faster. In 2021, several high-profile ransomware attacks on state and local governments, healthcare organizations, and critical infrastructure paralyzed operations and threatened the safety of citizens and their information.
And now, industry experts are warning of the advent of killware—where operational technology (OT) “is not the objective of the attack, but the means. The actual objective of the attacker is to cause harm to humans by using killware in an OT environment.”
As state and local governments continue their cloud modernization efforts at scale and across multiple cloud environments, they face even more complex cybersecurity and compliance challenges. To manage this complexity and ensure security, state and local organizations are looking for new approaches, such as secure Multicloud-as-a-Service (MCaaS).
Navigate an everchanging cloud security landscape
According to the 2020 Cybersecurity Insiders Cloud Security Report, 66 percent of organizations lack confidence in their cloud security posture. With recent high-profile and dangerous cyberattacks elevating cybersecurity from a technology issue to a national priority, the Biden administration’s Cybersecurity Executive Order is having a ripple effect across both the public and private sectors and is expected to bring changes to compliance requirements across the nation.
Securing the cloud is not as simple as buying cloud services from a vendor and assuming all the security needed is automatically included. Cloud vendors only secure the perimeter of cloud infrastructure—the physical layer—which is about 15 percent of the total security equation. The remaining 85 percent encompasses data, applications and workloads. This poses the biggest challenge as it involves designing, securing, and managing the environment to meet ever-changing security and compliance requirements while preventing cybersecurity attacks.
These challenges have been particularly acute during this long pandemic, which has exacerbated issues related to funding, IT human resources and the ability to ensure optimal levels of cybersecurity for an increasingly virtual state and local government workforce and enterprise.
To help ease the burden, state and local agencies are embracing the FedRAMP model to standardize security and compliance for cloud environments and cloud solutions.
StateRAMP, which announced its first group of authorized vendors in September 2021, is on track to become an essential bridge for secure modernization. Based on a “complete once, use many times” concept, StateRAMP stands to improve cybersecurity by transforming cloud solution procurement while reducing costs and complexity. It aims to standardize state and local governments’ approaches to security and risk assessment across cloud technologies.
To read the complete article, visit American City & County.