The US government wants in on the public cloud, but needs more transparency
The US federal government is trying to move more into the cloud, but service providers’ lack of transparency is harming adoption, according to Arlette Hart, the FBI’s chief information security officer.
While major providers like Amazon and Microsoft offer tools that meet the U.S. government’s regulations, not every cloud provider is set up along those lines. In Hart’s view, cloud providers need to be more transparent about what they do with security so the government and other customers can verify that their practices are sufficient for protecting data.
Companies that experience security breaches in the cloud may be most concerned about monetary losses as the result of a breach, but Hart pointed out that the federal government isn’t as much concerned about money as it is about securing data that can literally be a matter of national security.
That has proved to be somewhat of a challenge as the government tries to shift from an on-premises infrastructure to more cloud workloads. While it’s possible to move workloads from a private data center to a public cloud, doing so means changing some expectations of what the data’s security perimeter looks like and what an agency like the FBI has control over.
When it comes to other companies’ security, Hart has another tip. She suggests that businesses go meet with their local FBI agents as part of their incident response planning. That may seem like overkill, but having a relationship with the FBI before a problem arises should help when something goes wrong.