Despite how things have changed with the adoption of cloud computing, security should remain a primary concern within government agencies. Rather than relying on cloud providers to keep information safe, agencies should proactively take measures to protect data as it leaves the workplace and moves into the hybrid cloud environment.
FREMONT, CA: The growth of hybrid cloud computing models, where some applications are kept on premises, has increased concerns about data protection. Data must be safeguarded whether it is stored and processed locally or in the cloud. Agencies that use cloud providers for infrastructure as a service (IaaS) must remember that vendors are responsible only for the hosted environment. They are primarily concerned with hardening their infrastructure and maintaining separation between tenants, and are not concerned with monitoring the data stored and processed by clients.
Here are two strategies that will help government organizations secure data in hybrid cloud environments:
1. Acquiring Visibility into In-flight Data Leaving the Cloud:
When a user logs into a cloud-based application through a computer or mobile device, data passes simultaneously between the cloud provider and the agency’s network. While data is in flight to the contributor, it is easy to lose visibility. At this point, agencies have no control over or visibility into the data, leaving it vulnerable to theft and other threats. Inline proxy analysis can address the problem, as it gives IT teams visibility into end users who submit requests through the cloud services.
In today’s mobile-enabled world, with a proxy approach, a user accessing an application on a device sends a request to be authenticated. The request is transmitted to a reverse proxy URL that oversees communication between the user's device and the cloud service, offering a transparent view of data transfer between the provider and the client.
2. Control User Access to Data:
When users request information from a cloud service, it is important that IT teams know whether they are low-risk or high-risk employees so they can limit access. Risk levels can be verified through behavioral analysis. With this process, users are assigned a unique score based on their job role and a baseline analysis of their standard behavioral patterns. Whenever a variation from the established behavioral pattern is noticed, the system sends an alert. Even a slight difference in user behavior could indicate a potential breach, prompting access restrictions or revoked permissions.
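The scoring described above, sketched as an added example (not from the article or any vendor product): a role-based starting score is raised by how far today's activity departs from the user's own baseline. The role weights, alert threshold, and the metric (MB downloaded per day) are assumptions, and the sample histories are constructed.

```python
from statistics import mean, pstdev

# Assumed values; the article gives no numbers for roles or thresholds.
ROLE_BASE_RISK = {"analyst": 10, "contractor": 30, "admin": 50}
ALERT_THRESHOLD = 70   # score at or above this raises an alert
MIN_HISTORY = 5        # fewer observations than this is not a baseline

def deviation(history, observed):
    """Z-score of today's value against the user's own history, or None."""
    if len(history) < MIN_HISTORY:
        return None
    mu, sigma = mean(history), pstdev(history)
    # A flat baseline has sigma 0; apply a floor so the division is safe
    # and a small change on a very regular user still registers.
    sigma = max(sigma, 0.05 * mu, 1.0)
    return (observed - mu) / sigma

def risk_score(role, history, observed):
    """Return (score 0-100, alert, reason) for one user on one day."""
    base = ROLE_BASE_RISK.get(role, 30)  # unknown role: treat as medium
    z = deviation(history, observed)
    if z is None:
        # Assumption: without a baseline the activity cannot be called
        # normal, so it is flagged for review rather than passed.
        return base, True, "no baseline"
    score = min(100, round(base + 10 * abs(z)))
    return score, score >= ALERT_THRESHOLD, f"z={z:.1f}"

if __name__ == "__main__":
    # Constructed sample: (user, role, MB/day history, MB today)
    events = [
        ("alice", "analyst", [120, 130, 110, 125, 115, 128, 122], 124),
        ("alice", "analyst", [120, 130, 110, 125, 115, 128, 122], 900),
        ("bob", "admin", [50, 50, 50, 50, 50, 50], 60),
        ("carol", "contractor", [100, 90], 95),
    ]
    for user, role, history, today in events:
        score, alert, why = risk_score(role, history, today)
        action = "ALERT: restrict access" if alert else "ok"
        print(f"{user:6} {role:10} today={today:4} score={score:3} {why:11} {action}")
```

The same 10 MB change that alerts for the admin would score only 50 for an analyst, which is the effect of weighting by job role.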