The Defense Department is working to develop additional security standards and practices for the commercial cloud that are tailored to protect sensitive and classified information, C4ISR & Networks reported Friday.
John Edwards writes that the agency is looking to adapt commercial cloud security to fit DoD requirements for hosting its data.
Stacy Cleveland, vice president of global practices for the U.S. public sector at Hewlett-Packard‘s enterprise services business, told the publication DoD and the Defense Information Systems Agency have identified gaps in the areas of audits, boundary defenses, incident response and privilege user access.
“To address these concerns they have created new standards to protect the DoD data that moves to commercially hosted cloud services,” Cleveland said.
“[Security] must be built into data and applications to mitigate… risk and that the risk management framework should be applied to accelerate the certification and accreditation process.”
She noted that DoD must also work with the cloud service provider to proactively monitor compliance with security requirements.
According to Cleveland, CSPs are responsible for the integration of cloud resources while DoD is in charge of the certification and accreditation of CSP services.