Why cyber resiliency might be your best cloud sales pitch

Gettyimages.com/Thapana Onphalai

Tracy Gregorio By Tracy Gregorio,
CEO, G2 Ops

By Tracy Gregorio

|

Many government agencies still don't feel a compelling reason to migrate to the cloud but a focus on cybersecurity might be the lever you need to unlock that business.

Despite the Cloud First directive of 2010 and Cloud Smart in 2019, it’s been a slow process migrating Federal systems to the cloud. It’s not for lack of capacity: providers such as Microsoft, Amazon Web Services, Google, and Oracle have all invested to create federal-compliant cloud capacity far beyond demand.

But, while Cloud Smart provides strong guidelines on how to migrate, many agencies haven’t felt a compelling motivation for such a move. Federal contractors can unlock cloud migration business opportunities by educating agency CIOs on how cloud platforms can enhance their cyber resilience.

Cyber resilience is an often-overlooked aspect of cybersecurity. No matter how many resources an organization devotes to cyber defenses, an attack on their systems will undoubtedly be successful someday. There are five attributes of cloud infrastructures that federal contractors should keep in mind that reinforce how migration to the cloud can unlock powerful resilience capabilities for mission critical systems.

1. Multiple availability zones

The cloud enables IT resources to be deployed across multiple geographically separate locations. This can help ensure that systems remain available and functional in the face of a cyber attack or failures caused by natural disasters. Each zone operates as a separate data center with its own distributed resources, enabling the system to continue to function even if one or more zones experiences an outage. If a cyber attack succeeds, the cloud system can automatically failover to a different zone without disrupting end users.

2. Dynamic response to Denial-of-Service attacks

The cloud can improve response to denial-of-service attacks through dynamic scaling or reprovisioning, automatically adjusting resources to handle increased traffic. More servers or resources can be automatically added to the system in real-time as the attack is happening. Dynamic scaling can be set up to monitor system traffic and adjust resources as needed. Similarly, the cloud can offer automatic reprovisioning, creating additional application instances in response to a sudden increase in demand. By distributing traffic load across multiple resources, the cloud can make it harder for attackers to overwhelm any single server or resource. Plus, these same techniques can be used to speed recovery from a DoS attack and quickly restore service to legitimate users, which is of critical importance to agencies, and something Federal contractors should be ready to assist with.

3. Zero trust architecture concepts

The zero-trust security model assumes that no user or device should be automatically trusted, regardless of their location or level of access. Access is granted only after verifying the identity of the user or device and assessing its level of trustworthiness. Contractors can help their agency clients understand that cloud architectures are well-suited for implementing a zero trust model through:

  • Network segmentation: Cloud architectures can separate applications and services into different network segments, making it easier to control least privilege access and monitor traffic between segments.
  • Identity and access management (IAM): Cloud solutions can be easily configured to implement techniques such as multi-factor authentication, session-based access, and role-based access control (RBAC).
  • Encryption: Standard cloud architectures support the encryption of data at rest, as well as in transit, making it harder for attackers to corrupt or steal data.
  • Centralized security management: Unified cloud architectures can centralize the monitoring and management of security across applications and services, ensuring policies are consistently enforced throughout the infrastructure.

4. Deception

The flexibility and scalability of cloud systems can be used to deceive attackers, misdirecting them, delaying, or preventing them from accessing sensitive data or systems. Federal contractors can help set up honeypots within the cloud to act as legitimate-looking decoys that trap, detect, or divert attackers. Deceptive data can also be used to lead attackers down the wrong path by intentionally setting up fake information to look like real data. These deception techniques make it more difficult for attackers to gain access to sensitive data or systems, and they help detect and respond to cyber attacks more quickly to minimize their impact.

5. Rapid detection and response

Rapid detection is an important component of resilience that takes advantage of cloud features to quickly detect and respond to threats, reducing the impact of cyber attacks and minimizing downtime.

  • Real-time monitoring: Cloud-based systems are typically set up for real time monitoring of network traffic and system logs, which allows for early detection of cyber attacks and rapid response to potential threats.
  • Advanced analytics: Cloud systems are particularly well suited for machine learning and artificial intelligence algorithms that can quickly detect anomalies in network traffic or user behavior that can indicate a cyber attack.
  • Automated response: Cloud systems can be configured to automatically block malicious traffic or quarantine infected devices, reducing the time required to contain and remediate attacks.
  • Collaborative threat intelligence: Cloud systems can share threat intelligence with systems throughout the cloud, allowing for faster response to emerging threats.

Federal contractors should share these points with the IT leaders across their customer enterprise, especially those that are on-the-fence about moving to the cloud or need additional business case rationale for migrating. Federal agencies that deploy their systems to the cloud can be more confident in their ability to continue supporting constituents even in the face of a relentless cyber attack.

Tracy Gregorio is the CEO of G2 Ops, Inc, a certified woman-owned small business that provides cloud migration, model-based systems engineering (MBSE) and security engineering solutions to the U.S. Navy, U.S. Coast Guard, U.S. Air Force, and numerous commercial businesses. She is the Cybersecurity Committee Chair of the Virginia Ship Repair Association and a board member of the Virginia Maritime Association and the Commonwealth Cyber Initiative. Ms. Gregorio earned an M.S. in Computer Science from Old Dominion University, a B.S. in Computer Science from Virginia Tech and a certificate in Cybersecurity: Technology, Application, and Policy from MIT.

NEXT STORY: How the Air Force stuck with CACI for $5.7B IT contract

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.