There’s so much upside to the cloud that it’s easy to overlook the risks: by moving to the cloud, federal agencies can recoup costs, ensure connectivity, and cater to remote work. It’s no wonder that Gartner forecast infrastructure-as-a-service (IaaS) to grow by 29.8% this year.
But it’s not all upside: for government agencies, moving to the cloud can scale existing vulnerabilities and introduce new risks. Whether it’s accidental data exposure, over-provisioning rights, extending weak passwords to new environments, or failing to govern identities, government agencies need to prepare for turbulence when heading to the cloud.
It’s because of those risks that, even though Gartner is bullish about the cloud’s market potential, the advisory firm also predicted that the number of organizations that would “unknowingly and mistakenly expose some applications, network segments, storage, and APIs directly to the public” would double from 2018 to 2022.
Those risks scale as organizations bolt-on additional cloud services and environments: a recent VentureBeat article noted that the “more complex a multicloud configuration, the more it becomes a minefield for zero-trust implementation.”
It’s because of these trends that getting multi-cloud security right is just as important as it is timely. That’s why I’m looking forward to moderating a panel of experts who will discuss some of the risks that can result from multi-cloud environments and the best practices for keeping multi-cloud secure at the Billington CyberSecurity Summit on Wednesday, September 6 at 10:30 AM ET.
Our panel, “Managing Identity in a Multi-Cloud Environment,” will bring together experts from the U.S. Department of the Treasury, the Office of the Chief Information Officer for the Joint Worldwide Intelligence Communications System (JWICS), and others on the front lines of securing the cloud.
Just in preparing for the event, it’s clear to me that one of the best practices for keeping multi-cloud secure is to prioritize identity. Gartner predicted that 75% of cloud security failures will result from the “inadequate management of identities, access, and privileges.”
That’s a startling number. And what’s equally alarming is that cybersecurity isn’t aware of how frequent those misconfigurations will result in cloud security incidents. The 2023 RSA ID IQ Report—which assessed more than 2,350 respondents identity security knowledge and capabilities—found that only 62% believed that identity and governance failures will be the main cause of cloud security failures. Even though that figure represents the lion’s share of responses, it’s concerning that more than a third of tech and cybersecurity experts didn’t account for identity in securing multi-cloud.
We’ll discuss why that might be at the Billington Summit, and how a strong identity governance and administration (IGA) program can help agencies develop the cloud infrastructure entitlement management (CIEM) capabilities they need to stay safe in the cloud.
As important as securing multi-cloud is for government agencies, it’s downstream of broader cybersecurity challenges that the federal government is striving to address. EO 14028, NSM-8, and M-22-09 have set critical mandates for implementing zero trust architecture, adopting multi-factor authentication (MFA), and developing other capabilities that the government needs to modernize and protect its infrastructure.
RSA will be at booth 306 at the Billington Summit, where we’ll be detailing how we can help government agencies and systems integrators meet the presidential MFA mandate. We’ll also be demonstrating how RSA ID Plus for government—which received Federal Risk and Authorization Management Program (FedRAMP) JAB authorization—and new integrations with open standards can help government agencies catalyze progress, stay connected, and fulfill their mission.