By choosing the right cloud provider, government officials can address the top challenges identified in research by the Center for Digital Government
In numerous surveys over the past few years, state and local officials have often ranked cybersecurity among their top concerns when considering further cloud commitments. But statistics like these can be misleading. New research by the Center for Digital Government (CDG) unpacked government security considerations and found senior executives are taking a nuanced approach to cloud security and how it impacts their agencies.
In fact, overall their attitudes about cloud security are positive. Only 11 percent of the 110 senior executives who responded to the survey said they had little or no confidence that their data and resources would be secure in the cloud. Respondents were only marginally more concerned about security in hybrid clouds: 16 percent voiced a lack of confidence about security in environments that combine on-premises data centers, private clouds, software-as-a-service applications and public cloud IT infrastructures.
But given this vote of confidence in cloud security, why are only 29 percent of state and local government workloads currently running in the cloud, while approximately 60 percent of enterprises in North America rely on public cloud services?
Government officials view cloud security from multiple perspectives, and while security as it relates to cyberthreats is important, executives also need assurances they’ll have full visibility into their data and that their IT staffs won’t be overburdened by the complexity of managing and safeguarding hybrid and multi-cloud environments.
Considering the growing volume of breaches agencies must defend against each day, it’s no surprise cybersecurity remains top of mind for government executives. Seventy-nine percent of CDG survey respondents ranked data breaches as their top security concern, followed by employee negligence (53 percent).
The best cloud services can alleviate some of this anxiety with resources that match and exceed on-premises security capabilities. For example, the Google Cloud Platform makes default data encryption (at rest and in motion) a standard security practice. Survey respondents overwhelmingly see the value of default encryption -- 84 percent consider it important and 60 percent of that group deem it “very important.”
Officials also are concerned about transparency. Fifty-six percent of respondents worry that moving to the cloud will reduce their visibility and control over who is accessing their data. Executives need management controls and auditing tools in place to maintain public trust and demonstrate compliance with a host of data governance regulations.
Government leaders can get full visibility if they choose the right cloud providers. For instance, as part of the Google Cloud Platform, the Google Cloud Security Command Center offers a central management console that displays activity throughout hybrid cloud environments. This gives leaders visibility into what services are running, so they know where sensitive data is located and who is accessing it to better prevent threats. Google’s Access Transparency feature takes this a step further by providing near real-time logs of when users access content and the actions they take. On top of these controls, the Command Center enables security technicians to update or add new security policies as requirements change, which can be immediately applied across the entire cloud fleet without additional work.
Government executives also want to maintain tight security in hybrid clouds without a negative impact on their resource-strained IT organizations. Almost half (58 percent) of the respondents said they were concerned a hybrid cloud environment would create more work for their staff because of complexities around configuring and maintaining security processes.
Many cloud providers still require their clients to set and maintain security configurations for cloud infrastructure and platform resources. Complicated security policies throughout the hybrid environment can easily overburden staff. Adding to the challenge is the fact that many government IT staffs lack cloud expertise. Two-thirds of the surveyed executives acknowledged their staff currently doesn’t have the skills or training needed to secure a hybrid cloud environment.
The Google Cloud Platform offers solutions. It provides centralized configuration management capabilities to help security engineers apply enterprise standards to all new projects, and it enables administrators to maintain and update policies as the hybrid cloud environment grows and evolves. In addition, IT staff can centrally deploy new security patches for operating systems and defend against malware outbreaks. These updates happen automatically behind the scenes without extra effort from government engineers. What’s more, central IT administration reduces the management burden of traditional, on-premises data centers where administrators must manually configure security settings for each server. To top this off, Google Cloud recently announced its new hybrid and multi-cloud solution, Anthos. Anthos gives administrators the freedom to securely manage their applications across multiple clouds – even if it’s outside the Google Cloud or on premises – from a central location. With Anthos, administrators can now choose how and where they’d like to run certain applications, based on the mission area or workload requirement.
“Some government officials still balk at moving to the cloud because of security concerns,” says Scott Fleming, head of Google’s public sector professional services practice. “But native cloud security capabilities have improved dramatically. I’d argue that security can be better in the cloud than on-premises -- when it’s with the right cloud provider.”
To learn more about how to overcome common cloud concerns, download the Center for Digital Government’s issue brief, “Security as Scale: Why the Cloud is Government’s Answer for Safe Digital Transformation.”
This content is made possible by our sponsors; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.