Eric Trexler, vice president of global governments and critical infrastructure at Forcepoint, wrote in a Nextgov article published Tuesday that there are three strategies federal agencies should implement to secure data in the public cloud and the first one calls for agency leaders to understand that cloud providers are not responsible for data protection.
“Thus, the first step toward becoming smart about the public cloud is to get everyone to understand that protecting data begins and ends with the agency,“ Trexler wrote. “Agencies must treat that data just as they would the data that resides on-premise. They must take proactive steps toward protecting their information before it enters the public cloud and while it's there.“
Agencies should strike a balance between good cybersecurity hygiene and the need for speed among users, he noted.
“In their security policies, administrators should clearly articulate a process that users must go through when using cloud services. Users should be encouraged to work with IT and keep them apprised of any application or service that the users are interested in procuring,“ Trexler added.
Trexler also called on agencies to initiate steps to mitigate risks related to the use of public cloud, such as establishing policies, educating users on how to comply with such policies, keeping sensitive applications and data on-premises and implementing security tools and processes to track user behaviors and ensure the security of cloud-based apps.