Why cyber resiliency might be your best cloud sales pitch

Despite the Cloud First directive of 2010 and Cloud Smart in 2019, it’s been a slow process migrating Federal systems to the cloud. It’s not for lack of capacity: providers such as Microsoft, Amazon Web Services, Google, and Oracle have all invested to create federal-compliant cloud capacity far beyond demand.

But, while Cloud Smart provides strong guidelines on how to migrate, many agencies haven’t felt a compelling motivation for such a move. Federal contractors can unlock cloud migration business opportunities by educating agency CIOs on how cloud platforms can enhance their cyber resilience.

Cyber resilience is an often-overlooked aspect of cybersecurity. No matter how many resources an organization devotes to cyber defenses, an attack on their systems will undoubtedly be successful someday. There are five attributes of cloud infrastructures that federal contractors should keep in mind that reinforce how migration to the cloud can unlock powerful resilience capabilities for mission critical systems.

1. Multiple availability zones

The cloud enables IT resources to be deployed across multiple geographically separate locations. This can help ensure that systems remain available and functional in the face of a cyber attack or failures caused by natural disasters. Each zone operates as a separate data center with its own distributed resources, enabling the system to continue to function even if one or more zones experiences an outage. If a cyber attack succeeds, the cloud system can automatically failover to a different zone without disrupting end users.

2. Dynamic response to Denial-of-Service attacks

The cloud can improve response to denial-of-service attacks through dynamic scaling or reprovisioning, automatically adjusting resources to handle increased traffic. More servers or resources can be automatically added to the system in real-time as the attack is happening. Dynamic scaling can be set up to monitor system traffic and adjust resources as needed. Similarly, the cloud can offer automatic reprovisioning, creating additional application instances in response to a sudden increase in demand. By distributing traffic load across multiple resources, the cloud can make it harder for attackers to overwhelm any single server or resource. Plus, these same techniques can be used to speed recovery from a DoS attack and quickly restore service to legitimate users, which is of critical importance to agencies, and something Federal contractors should be ready to assist with.

3. Zero trust architecture concepts

The zero-trust security model assumes that no user or device should be automatically trusted, regardless of their location or level of access. Access is granted only after verifying the identity of the user or device and assessing its level of trustworthiness. Contractors can help their agency clients understand that cloud architectures are well-suited for implementing a zero trust model through:

• Network segmentation: Cloud architectures can separate applications and services into different network segments, making it easier to control least privilege access and monitor traffic between segments.
• Identity and access management (IAM): Cloud solutions can be easily configured to implement techniques such as multi-factor authentication, session-based access, and role-based access control (RBAC).
• Encryption: Standard cloud architectures support the encryption of data at rest, as well as in transit, making it harder for attackers to corrupt or steal data.
• Centralized security management: Unified cloud architectures can centralize the monitoring and management of security across applications and services, ensuring policies are consistently enforced throughout the infrastructure.

4. Deception