"Federal Agencies Face Cloud Cybersecurity Challenges"

Federal agencies are planning to spend billions of dollars each year to support their IT and cybersecurity efforts, which will include migrating IT resources to secure, cost-effective commercial cloud services. Cloud computing allows agencies to access IT resources, such as servers storing digital files, over the Internet faster and for less money than it would take to own and maintain such resources. The Government Accountability Office (GAO) has identified four challenges that agencies must overcome in order to fully realize the benefits of cloud services. Federal agencies, in particular, face difficulties in ensuring cybersecurity, procuring cloud services, maintaining a skilled workforce, and tracking costs and savings. The Federal Risk and Authorization Management Program (FedRAMP) was established in 2011 by the Office of Management and Budget (OMB) to provide a standardized approach for selecting and authorizing the use of cloud services that meet federal security needs. While all 24 major federal agencies were participating in FedRAMP, GAO reported in December 2019 that many of these agencies continued to use cloud services not authorized via the program. Furthermore, the four major agencies chosen for a detailed review did not always include the required information in their cloud system security plans, summarize security control test results in security assessment reports, and identify required information in remedial action plans that are supposed to list cloud service deficiencies and how they will be mitigated. One of the reasons for these flaws, according to GAO, was that FedRAMP's requirements and guidance for implementing these control activities were not always clear, and the program's process for monitoring the status of security controls over cloud services was limited. As a result, GAO recommended that OMB hold agencies accountable for cloud service authorization via FedRAMP. It was also recommended that federal agencies improve FedRAMP program implementation by clarifying program requirements and responsibilities. This article continues to discuss the cloud cybersecurity challenges faced by federal agencies.

HSToday reports "Federal Agencies Face Cloud Cybersecurity Challenges"