The Next Generation of Secure Cloud Strategies

A Hybrid Approach

The Next Generation of Cloud Storage

The migration of data and operations to cloud-based services is inevitable. This transition comes with both benefits and concerns, especially for agencies operating under the Federal Risk and Authorization Management Program Authorization to Operate (FedRAMP ATO). Some agencies have chosen to use a single cloud platform for IaaS and PaaS and to incorporate à la carte services for SaaS. This, however, comes with its own set of challenges, which are driven in part by various policies and factors, including:

  • FedRAMP
  • Cloud Security Alliance
  • NIST 800-145
  • Executive Order 14028 – Improving the Nation’s Cybersecurity (5/12/2021)
  • Cloud Security Technical Reference Architecture (version 1.0 August 2021)

Cloud Conversion: Challenges and Concerns

Converting to a cloud-based platform presents numerous questions for agencies to consider. They must first determine how to evaluate, choose, implement, and manage cloud-based offerings in a way that is manageable, scalable, and resilient. Then, agencies need to address how they will migrate and/or replicate legacy cybersecurity capabilities to cloud-focused capabilities while providing the necessary cybersecurity actions to identify, detect, protect, respond, and recover from cyber incidents. Finally, they must determine how to incorporate Zero Trust principles into their cloud-based environments and systems.

All of the above must be considered in the context of the following challenges and concerns:

  • How cost effective is it to run Windows-based workloads on Amazon Web Services (AWS)?
  • How cost effective is it to run Linux containers and microservices on Azure?
  • Is the cost or schedule of refactoring or re-platforming the code to be efficient in a cloud service viable for all workloads?
  • Does a single cloud-based platform limit access to the best services for the objectives (e.g., Google Apigee for API management)?
  • Could some workloads benefit from remaining on premises?

Another concern is that many agency cybersecurity programs place more emphasis on security capabilities that are best suited for private data centers and that do not effectively scale or adapt to the security paradigms of cloud providers. Additionally, each cloud provider has its own approach to applying security controls, to monitoring and logging capabilities, and to governance, risk, and compliance, all of which must be understood to effectively manage all risk.

Cloud Implementation Using a Multi-Faceted Approach

SkyePoint Decisions understands the challenges and concerns of implementing cloud-based services throughout your agency.  Our multi-faceted approach takes into consideration the unique factors that affect your agency as we develop a hybrid cloud security solution designed to preserve and protect the integrity of your overall operations. Here are some factors we evaluate and consider.

FedRAMP

Overview

We recommend taking advantage of the standardized security controls and risk assessment provided by FedRAMP to evaluate, review, and acquire cloud services that are based on a standard security framework. It is important to understand that even with the standard security framework, the way cloud service providers (CSPs) and cloud service offerings (CSOs) implement the controls can vary.

The SkyePoint Solution

SkyePoint cloud security engineers can support your agency in the evaluation, selection, and implementation of the cloud capability that best meets your agency mission.

Legacy Systems

Overview

Migrating legacy systems and applications securely to the cloud is a sensitive process requiring much attention to detail. There are several methods of migrating legacy systems to the cloud, including rehosting, refactoring, re-platforming, rebuilding, and replacing. There are pros and cons to each of these strategies, and choosing the wrong approach can lead to increased management costs, reduced security, and decreased visibility.

The SkyePoint Solution

Our cloud security engineers evaluate and help structure your solution using the best migration strategy designed to increase the life of a legacy system. This affords internal resources the ability to fully focus on building and/or enhancing more modern systems and addressing emerging mission requirements.

Access Management and Control

Overview

Implementing a cloud-based solution requires centralized and federated identity and access management as well as privileged access management. These processes require both data protection capabilities (including encryption at rest and in transit) and data loss prevention capabilities to help ensure sensitive agency information and systems are not abused or compromised.

The SkyePoint Solution

SkyePoint implements attribute-based access control techniques and deploys next-generation access control features that provide granular capabilities specifically designed to protect agency datasets.

DevSecOps

Overview

Incorporating and maturing security processes within development and operations is critical to securing cloud-based workloads. Static and dynamic application security testing, vulnerability scanning, containers, infrastructure as code, and immutable deployments must work together to ensure that systems deployed to the cloud not only support the risk level of the organization but are also elastic and highly deployable.

The SkyePoint Solution

Our team strategically integrates secure service mesh capabilities within your DevSecOps programs to further provide the granular, consistent, and auditable controls needed to automate the security of your data, users, and workloads.

Zero Trust

Overview

Many of the solutions and approaches mentioned support an agency's journey toward Zero Trust maturity. Incorporating least privilege and attribute-based access controls across users, systems, and services helps reduce access to, and exposure of, agency resources.

The SkyePoint Solution

The SkyePoint cloud security engineers have a comprehensive understanding of how to incorporate DevSecOps practices – including infrastructure as code and immutable deployments – to help increase the security and speed of the deployment of new services and features. Centralized monitoring capabilities are instituted to ensure STIGs, security controls, and patches are appropriately applied. Implementing automated vulnerability scanning and resource monitoring provides agencies with the operational insight to ensure mission-critical services remain available while continuing to maintain confidentiality and data integrity.

SkyePoint’s cloud security, development, and engineering teams will effectively support your agency in the adoption, implementation, and securing of data and workloads in the cloud. Combined with partners like GreyMatter.io, SteelCloud, Zscaler, TIBCO, and others, the SkyePoint team brings our depth of experience, knowledge, and industry capabilities to ensure your cloud strategy integration is smooth and successful. Give us a call to learn more today.