Approved for 1 GIAC CPE
One of the major items to come from the President’s FY 2017 budget proposal is a $3.1 billion IT modernization fund targeting the overabundance of federal legacy IT. This fund, in combination with initiatives like FedRAMP and FITARA, could lead to an explosion of modernized cloud-based technologies across the government, including within the defense community. However, security is always front-of-mind for the DOD, and is one of the most important considerations and barriers for cloud adoption or migration. In order to balance ease of accessibility with control of sensitive data, mission information and Personally Identifiable Information (PII), we will soon see an increasing amount of DOD agencies utilize Cloud Access Security Brokers (CASBs). CASBs provide visibility and control into cloud application risk, but just like cloud services, not all brokers are created equal and it is important to look at specific capabilities to ensure budgets are being invested wisely. CASBs implement policy control to mitigate the risk of shadow cloud and cloud data properties, protect against the rising tide of advanced threats and enable security threat orchestration. These capabilities will provide DOD agencies with the tools and analytics for viewing who is using which applications, how much data is moving in and out, and where the risk lies across cloud application usage. This enables DOD agencies to govern users by recognized usage and apply policies to maintain data security across all endpoint surfaces. It also allows them to govern data - replacing sensitive data with a random tokenized or encrypted value, providing incident response, and forensics for monitoring, logging and capturing application activities. These factors, combined with data loss prevention capabilities extended to applications, severely mitigate the risk of applications leaking sensitive data or PII. This presentation will outline how DOD agencies can best extract value from their cloud investments while maintaining secure and compliant risk positioning by utilizing a CASB.