The key to protecting information and applications stored in the cloud has more to do with the organizations using the tech than the platforms themselves, according to a federal cloud security expert.
When it comes to cybersecurity, it’s easy for agencies to become enthralled by the latest products and services, but even the most cutting-edge tool can’t replace solid risk management and security practices, said Dan Jacobs, the senior security architect for the Technology Transformation Services and Centers of Excellence program at the General Services Administration.
As agencies move more of their operations to the cloud, it’s important that they approach security with a focus on people and processes, not just procurement, he said.
“Many of the problems we face as a security community aren’t actually technical problems at all,” Jacobs said Tuesday at a lunch hosted by Symantec and produced by the events division of Government Executive Media Group, Nextgov's parent company. “Many times they’re human problems. If we’re not equipped to deal with that, we’re going to continue to bang our head against the wall trying to figure out the way forward.”
But despite years of warnings from cyber experts and oversight groups, the government is still struggling to implement even the most basic measures to lock down its sprawling IT infrastructure. Referencing a recent Government Accountability Office report that found most agencies still lack effective cybersecurity plans, Jacobs said agencies will need to improve their execution if they want to keep information safe in the cloud.
Beyond planning and policy, Jacobs said the government also stands to benefit from treating security like a team sport and investing threat intelligence, bug bounties and other crow ..
Support the originator by clicking the read the rest link below.
