‘Balance’ Needed in Hybrid Cloud Security, Interoperability

Hybrid cloud solutions have given federal agencies more flexibility in meeting their mission-specific needs and driving operations at the edge. At GovCIO Media & Research’s CyberScape Summit Thursday, leaders from the military, civilian agencies and industry emphasized the importance of hybrid cloud to cybersecurity and the steps they are taking to keep it secure and operable.  

Vincent Sritapan, cyber section chief at Cybersecurity and Infrastructure Security Agency (CISA), said that the push for strong security and interoperability requires balance to drive a positive outcome for the customer experience.  

“It’s really important to have things like rights and access management, all those sort of play into security versus interoperability. But what I’d say is that it’s that balance. You want to do both without hindering the customer experience when you deliver a service,” Sritapan said. “If it’s anywhere hybrid, then they shouldn’t know what’s behind the scenes, right? It should just work seamlessly.” 

Jim Cosby, public sector and partners CTO at NetApp U.S. Public Sector, said that before data infrastructure can even be built, an agency needs to understand what data it has and then decide how it wants to manage, protect and store that data.  

“You really need to assess what you have and then classify what you have, break it down into what’s sensitive, what’s [unclassified], what’s highly sensitive — then you can start to design the location of that data. Is it better to exist on premise? Is it safe or better to put that in cloud? Then you can set the secure security credentials around that data as well,” Cosby said.  

Cosby emphasized that “intelligence” on the data that is being managed is essential to multi-domain operations. Whether the data is on premise or in the cloud, Cosby said it needs to be accessible everywhere, from “a core data center, an HQ, a garrison, a tarmac. You want that same technology to be at edge sites if you can. You want it in ships, submarine aircraft. Something in the size of a Coke can and a backpack on a class-ruggedized server.” 

U.S. Special Operations Command (SOCOM) CTO Mark Taylor said  the greater challenge for the service comes from maintaining legacy systems alongside new technologies.  

“The challenge that we face and the challenge that we work to overcome is the fact of having two different ways of doing business. If you try to build the future while trying to maintain and keep the old at the same time, you’re doing two things probably sub-optimally versus doing one thing well,” Taylor said. 

Taylor added that the solution lies in approaching the cloud in a holistic way, thus making sure that the way things are done in the cloud is the same way things are done on premise with the same security standards and capabilities. 

When it comes to information sharing between government and industry, Sritapan said that knowledge of agency operations is key to getting organizations in cooperation with each other.  

“The key thing starts with information sharing; understanding what is available, what you have, what your requirements are. Notably, what we do within the federal civilian space or DOD probably is not unique,” Sritapan said. “Understanding what we have, what our strengths are and what we can share across the board is unique. It’s something that, honestly, isn’t done too much.”