Making the Case for Cloud Security in Government

The adoption of cloud services continues to accelerate, meaning organizations are not only more comfortable with, but quickly moving their data and services to cloud environments. According to Gartner, by 2016, cloud computing will become the majority of new IT spend. Government agencies have also been rapidly moving to the cloud. In 2011, the U.S. Federal Government released the Federal Cloud Computing Strategy that instituted a Cloud First policy. The policy is designed to encourage the government to evaluate and modify their IT portfolios by requiring federal agencies to adopt a cloud option if it’s available for new IT projects. Several state and local governments follow the Cloud First policy, including the State of Colorado where I previously worked as the CISO.

Although security has often been considered a barrier to cloud adoption, I actually believe that the inherent design of cloud environments makes it the perfect delivery platform for security services, especially for governments. Government agencies are typically resource constrained both in financial and human capital. And in today’s cyber security labor market, it will continue to be extremely difficult to attract and retain qualified staff to maintain and run the traditional, on-premise software-based solutions. Given this, the following are the top reasons that governments should strongly consider adopting cloud security solutions:

1. Faster time to value – Compared to on-premise, software-based solutions, cloud security solutions are already ‘up and running’ so deployment is instant. The cloud is inherently scalable and immediately begins working for the largest government enterprise and can grow or shrink automatically based on demand. Software-based solutions often take months to deploy and as such, oftentimes becomes ‘shelfware’ once it’s realized how difficult and expensive it is to deploy.

2. Minimize security staff resources – Software-based solutions require substantial overhead. For example, in a large-scale deployment, limited security staff resources are often consumed, and I might argue, wasted on administrative tasks such as standing up servers, managing software updates and patches, and performing backups. With cloud-based solutions, there are no agents or software to install, servers to manage, or updates to make. The cloud service provider now handles all of these tasks and the security staff can focus on their core job – taking meaningful and intelligence driven action to prevent cyber attacks against the government agency for which they work.

3. Always up-to-date – Cloud based security solutions also have the unique advantage in that they are automatically updated and always contain the latest patches, vulnerability or malware signatures, or threat intelligence necessary for the government security team to make real-time decisions.

4. Crowd sourced, real-time learning – Another tremendous benefit of cloud based security solutions is that they can quickly learn from other customers and apply this knowledge seamlessly and automatically for everyone’s benefit. For example, once an attack against one customer is identified and analyzed, the cloud service can be automatically updated to quickly protect all other customers using the solution.

Managing the IT security and compliance of an organization is a never-ending, complex task. Today’s security perimeters are often distributed, complex and highly dynamic making it difficult to keep up with ever-evolving cyber threats and ensure its overall security posture. In order for businesses to adapt to this ever-changing landscape, it is critical to deploy best practices and frameworks in order to meet these complex security needs and do so continuously.

The benefits that cloud-based technologies can provide government entities can enable these organizations to not only be more efficient, agile, and maximize their IT investments, but also allows them to focus on the task at hand – which is ensuring the security of their syste