Companies preparing for Cybersecurity Maturity Model Certification (CMMC) should beware of firms that are promising to get them certified, said a government official. Stacy Bostjanick, director of CMMC, Office of the Under Secretary of Defense (A&S), stated that any firms claiming to be able to do that are not capable of that function yet.
December’s news of yet another highly sophisticated break into U.S. government agencies’ cyber systems didn’t come as a surprise to the Government Accountability Office. The government’s auditing agency investigates possible weaknesses or cybersecurity gaps and makes key recommendations to rectify problems. In some ways, it saw this coming.
Security is among the single greatest concern government agencies have about moving their systems to the cloud. Although it offers significant benefits, cloud computing continues to raise questions about data and system protection. Regardless, the Office of Management and Budget via its Cloud Smart Strategy and the previous Cloud First policy mandates government agencies move to the cloud.
Officials from several federal agencies testified on Wednesday as to the effectiveness of the government’s cloud accreditation process, the Federal Risk and Authorization Management Program, with mixed reviews. Most witnesses before the U.S. House of Representatives Committee on Oversight and Reform’s Subcommittee on Government Operations hearing, entitled To the Cloud! The Cloudy Role of FedRAMP in IT Modernization, confirmed the positive benefits of the program.
The federal government’s comfort level with the cloud improves, due in part to standards and more offerings from commercial cloud providers.
Although it is already ubiquitous in the private sector, cloud computing has had a slow adoption by the federal government. That trend is shifting, an expert says, as the federal government, as well as state and local governments, employ more cloud computing.
The cloud and data security go hand-in-hand. While cloud computing provides valuable IT architectures and solutions for government agencies, it also requires them to relinquish data security to public cloud service providers.
While it’s clear the cloud is the future of government IT, concerns surrounding cloud security continue to abound. Some agency IT personnel remain skittish about handing over data to cloud service providers and skeptical that the data will remain out of the hands of bad actors. As a result, they’re more comfortable housing information in legacy IT systems, even if those systems are, in some cases, decades old and prone to security vulnerabilities.
In truth, deploying a cloud IT infrastructure is ideal for managing today’s ever-changing threat landscape, for several reasons. Here are three reasons why.
The evolution of information technology is heading toward a hyperconverged infrastructure (HCI). Companies such as Cisco and Nutanix already are delivering HCI platforms that logically and seamlessly manage, configure and allocate memory. Additionally, a software-centric HCI combines computing, storage, network and virtualization technologies into one system, which can streamline resources and eliminate the need to navigate to different applications and platforms.