Stephen Kovac, vice president for global government and head of corporate compliance at Zscaler, has said that agencies must consider cloud security in efforts to fortify digital infrastructure through the Continuous Diagnostics and Mitigation program.
Kovac wrote in a Nextgov piece published Friday that federal agencies need to ensure that their cloud service providers implement security controls and technologies that are interoperable with existing environments.
He added that agency chief information officers should ensure that cloud resources have proper network visibility, implement a “zero-trust“ approach and comply with federal regulations such as the Federal Information Security Modernization Act and Trusted Internet Connection 3.0.
According to Kovac, the Department of Homeland Security's Dynamic and Evolving Federal Enterprise Network Defense effort has flexible requirements that enable agencies to “implement CDM on their own terms“ through a wide range of mobile and cloud security offerings.
“The good news is that CDM is proactively reaching out to the leading cloud service providers to discuss cloud-based solutions that may be incorporated in their offerings to help solve inventory and data collection goals,“ said Kovac. “There are no silver bullets, but the CDM program is evolving to help secure a Cloud Smart government.“