Multicloud is the new norm for government agencies, as 81% now use more than one cloud platform. The use of the cloud enables enterprises across all sectors to share, collaborate and work much more efficiently and flexibly, particularly in our highly remote business world. However, cloud (and multicloud in particular) can be extremely challenging to organize, manage and secure. As such, it’s not surprising that 75% of organizations are either very or extremely concerned about the security of the cloud, especially since the likelihood of data leakage therein is much higher when proper security is not employed.
This raises questions about how government organizations are protecting their data, as well as what steps they need to take to achieve visibility, control, scalability and resilience. In this article, we will explore the best multicloud security practices that government agencies can take amid COVID-19 and beyond in order to ensure that critical information in the cloud is secured, and to ensure that government workers are empowered to securely access cloud apps and data from any device, anywhere in the world.
Why are government agencies implementing multicloud?
Agencies adopt multicloud strategies for a variety of reasons, including enhanced scalability, flexibility, efficiency and cost savings. These capabilities allow government organizations with a multicloud footprint to centralize citizen services (such as the ability to pay bills online), decrease their reliance on costly on-premises data centers, and ensure dynamism in the event of shifting business operations (for example, when moving to remote work). Additionally, multicloud reduces cloud service provider dependency and can mitigate service disruption risks, according to Gartner.
Steps are being taken to improve security but more work is needed.
Disjointed, disparate security solutions simply aren’t enough in a multicloud environment; this is true for third-party solutions as well as weaker, native functionality provided by cloud service providers. Government agencies face several challenges to securing these complex environments, including:
- Poor budgeting: Cloud security spend across all industries is forecasted to reach $12.6 billion by 2023, but public cloud spend will be nearly $500 billion within that time frame. This gap highlights the need for a greater emphasis on cloud security.
- Meeting regulatory requirements: Government organizations face a variety of regulatory frameworks; for example, federal digital services must comply with the Connected Government Act, OMB M-17-06, and the E-Government Act.
- Lack of a skilled cybersecurity workforce: The Defense Information Systems Agency recognizes the United States’ cybersecurity workforce shortage and is working to recruit more professionals into the field; studies show that the security workforce needs to grow by 62% to meet current demand.
- Lack of sufficient security controls: While 86% of organizations deploy cloud applications today, only 34% enable single sign-on, a basic yet critical tool for authenticating users as they access data in the cloud.
- Increased attack surface: As government agencies continue to increase their use of software-as-a-service apps, infrastructure-as-a-service platforms, bring your own device, and remote work, one of the outcomes is a larger attack surface for malicious actors.
How Feds Can Achieve Successful Multicloud Adoption and Future-proof Security Efforts
Government agencies need consistent security across their cloud footprints, including SaaS, IaaS, on-premises applications, web destinations, connected devices and more. Those that attempt to secure these areas with separate solutions will quickly realize that this disjointed approach can leave exploitable vulnerabilities, result in higher costs, and require greater amounts of time for their IT teams to manage.
For successful multicloud adoption and consistent security across every app, on-premises resource, device, and more, government agencies must look to secure access service edge (SASE) platforms that provide a suite of cloud security solutions in flexible, cloud-first platforms designed to protect data wherever it goes. Each SASE component brings value to the table:
- Cloud access security brokers offer end-to-end protection for data in any cloud service and any device, including IaaS platforms like Azure or Amazon Web Services and managed apps like Office 365.
- Secure web gateways that bypass the latency, cost and scalability issues tied to legacy architectures decrypt web traffic to prevent data leakage at upload and block threat URLs before they can be accessed.
- Zero trust network access grants remote workers secure access to specific on-premises resources—unlike virtual private networks, which grant users access to everything on the networks.
SASE offerings allow government organizations to secure any interaction from a single dashboard. This grants comprehensive visibility, consistent control, automated policies to comply with regulations, and time and cost savings for federal agencies that might already be operating on tight budgets.
Successful and secure multicloud adoption is possible for government organizations. With the right approach, these agencies can benefit both now and in the long run despite challenges tied to phenomena like COVID-19 that shift business operations. With the right solutions and strategies for IT and security in place, government IT staff can focus on innovating and bringing a greater quality and quantity of services to citizens.
Anurag Kahol is chief technology office and co-founder of Bitglass.