Securing the cloud
Government organizations are increasingly taking advantage of the flexibility and scalability offered by cloud computing, but they can't assume that they can simply lift-and-shift their existing security tools and processes when migrating existing systems. Cloud security is quite different from on-premises data center security.
For one thing, the client won't own the infrastructure any more, and might not have the same level of control or visibility. In addition, some legacy cybersecurity tools won't be compatible with the cloud infrastructure. Cloud service providers often replace those tools with their own cloud-native services.
Cybersecurity responsibilities also become more nuanced in a cloud environment. It isn't realistic to hold the cloud service provider wholly responsible for securing the entire cloud environment. Cloud service providers operate on a shared responsibility model, in which they secure the infrastructure but the client is responsible for securing their mission application. Each cloud service provider positions those boundaries differently across the services they offer.
Threat and security models change profoundly in the cloud. On-premises administrators used to configuring an impenetrable network perimeter must adjust to cloud environments that are visible to the public and rely heavily on permissions, zero-trust access, and active monitoring of real-time activities.
Finally, each cloud service provider (CSP) is unique, which increases the complexity and cost of securing assets in a multi-cloud environment.
Leidos: Your trusted cloud security partner
The transition to the cloud is thus far more complex than it might first appear. Leidos works with multiple cloud vendors to build our expertise in event collection and analysis across their different platforms. This has given us a consistent cloud data ontology for using CSP security services in their SaaS, PaaS, and IaaS service sets.
To help navigate this complex landscape, we developed the Leidos Value Driven Cloud Migration Methodology. It maps out requirements and processes in several areas, including defining cloud security policies, structuring access controls and permissions for internal and external users, and mapping dependencies between the cloud and other systems.
One important component that the Migration Methodology addresses is the human element. To operate safely in the cloud, we prepare our customers and provide a Leidos cybersecurity force that is well adapted to operating in all cloud vendor environments, in either a hybrid or full cloud model.
One measure that we recommend is the use of templates to define cloud security mechanisms consistently across government organizations. Templates can lighten the burden on human administrators by articulating what security policies are tracked and reported, and defining automatic remediation policies for rectifying misconfigurations.
The Migration Methodology bakes security into the design of the cloud from the beginning, making it an integral part of cloud operations rather than an afterthought. Our cloud projects are also backed by our Proven, Analytic-Centric Kill-chain Implementation and Transformation (PACKIT) cybersecurity maturity methodology, which we use to analyze an organization's current and target security posture. To develop and migrate applications to the cloud, Leidos utilizes and deploys reliable and repeatable CI/CD pipeline processes and technologies to gain efficiencies. We weave a DevSecOps framework into the full engineering life cycle because we understand the challenges and have the ability to launch new applications and continually operate and maintain them.
Beyond that, we also work to add value to cloud environments by helping government clients to define more granular sets of access permissions than they had in their on-premises environments. We can help explore big data and machine learning opportunities to maximize the value of securely migrated data.
Our years of experience working with government customers have helped us to understand their unique needs and constraints when dealing with sensitive data. We define cost and service baselines to provide the appropriate level of security for our federal government customers. We also use cloud access security brokers (CASB) to augment the Defense Information Systems Agency's (DISA) Secure Cloud Computing Architecture (SCCA). These approaches guarantee a consistent, repeatable, secure, and cost-conscious service for federal agencies.
Leidos can help ensure that you tick all the boxes when migrating to the cloud. Talk to us today about how our cybersecurity solutions can give you both protection and flexibility when changing your computing model.