The Federal Cloud Computing Strategy (FCCS) makes it clear that government agencies have significant responsibilities for protecting cloud-hosted data.
The FCCS states that agencies must develop their own governance models and write service level agreements (SLAs) that guarantee continuous access to log data and prompt notification from the cloud service provider if there is a breach. The onus is on government agencies to comply with regulations and do everything they can to protect “the confidentiality, integrity, and availability of Federal information as it traverses networks and resources” in the cloud.
Here are three best practices agencies can follow to improve the performance and security of cloud-hosted applications and web assets.
- Get to the Root of Application Performance Problems (and Understand When These Problems Indicate a Security Incident).
Monitoring application performance in the cloud is critical to ensuring that issues affecting the availability of key systems are addressed before they reach users.
Having security information and event management (SIEM) capabilities is essentially like having another pair of eyes. By gathering logs from cloud databases, applications, and websites, a SIEM watches around the clock for suspicious activity and compliance issues. Teams can cut through the noise, home in on vulnerabilities and potential threats, and decide where to focus their limited resources first. That visibility only extends as far as the log access the agency's SLA with its provider actually secures, which is why the FCCS puts log access into the agreement itself.
Security teams must also have the right incident response processes in place. They must be able to react quickly and respond to threats at scale. The ability to prioritize threats by severity and to communicate easily with other team members is key to acting quickly when an incident occurs.
It is also important to educate administrators so they know that an application performance issue can be the first sign of a security incident, and how to act when it is.
Training shouldn’t be solely relegated to the IT team. The prevalence of insider threats means all employees should be trained on the agency’s policies and procedures and encouraged to follow best practices to mitigate potential threats.
- Build With Security in Mind.
To get a proactive handle on application security, the cybersecurity function must work closely with developers to build security into code during development. They must also run vulnerability scanning against applications so that known flaws are caught and fixed before deployment rather than discovered in production.
- Derive Meaningful Security Insights From Log Monitoring Data and Machine Learning.
Log monitoring data is rich with insights, yet performing any kind of analysis on fragmented event logs from multiple sources can be time-consuming. It is also hard to establish context across event logs from different sources, and that context is what lets threats be pinpointed quickly and mitigated promptly.
But when machine learning and behavioral analysis are applied to log data, new insights emerge: security teams can expose patterns and indicators of malware activity in the cloud environment.
They can also look for anomalies in user behavior within the cloud, such as a person authenticating from an unexpected location. If an agency operates exclusively in one part of the country, yet log data shows the same credentials being used to log in from another part of the world, such as Russia or Iran, that can be a sign of compromised credentials and malicious intent. Using this insight, administrators can reset those credentials and investigate the incident further. The check is only as good as the geolocation data behind it, so the source IP enrichment fed to the SIEM needs to be trustworthy.
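The location-based check described above, as an added example that is not part of the Nextgov article or the FCCS. The script assumes a hypothetical authentication log in newline-delimited JSON that has already been enriched with GeoIP country and coordinates, an agency that expects logins only from the US, and a travel-speed threshold of 1,000 km/h; the sample log lines are constructed and use RFC 5737 documentation addresses. It flags two things: any attempt from outside the expected countries (rated higher when the login succeeded), and "impossible travel", where two successful logins with the same credentials are farther apart than anyone could have moved in the elapsed time.

```python
import json
import math
from datetime import datetime

# Constructed sample of authentication events, shaped like what a cloud
# identity provider might emit after GeoIP enrichment. Not real data.
SAMPLE_AUTH_LOG = """
{"ts":"2024-03-04T13:02:11Z","user":"jdoe","result":"success","src_ip":"203.0.113.7","country":"US","lat":38.90,"lon":-77.04}
{"ts":"2024-03-04T13:41:55Z","user":"jdoe","result":"success","src_ip":"203.0.113.9","country":"US","lat":38.88,"lon":-77.02}
{"ts":"2024-03-04T14:10:03Z","user":"jdoe","result":"success","src_ip":"198.51.100.23","country":"RU","lat":55.75,"lon":37.62}
{"ts":"2024-03-04T15:00:00Z","user":"asmith","result":"success","src_ip":"203.0.113.50","country":"US","lat":38.91,"lon":-77.05}
{"ts":"2024-03-04T16:30:00Z","user":"asmith","result":"failure","src_ip":"192.0.2.77","country":"IR","lat":35.69,"lon":51.39}
"""

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_events(text):
    """Parse newline-delimited JSON auth events and return them sorted by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_anomalies(events, expected_countries=frozenset({"US"}), max_speed_kmh=1000.0):
    """Return findings for unexpected-country logins and impossible travel.

    expected_countries and max_speed_kmh are assumed policy values for the
    hypothetical agency; tune them to the real environment.
    """
    findings = []
    last_success = {}  # user -> most recent successful login event
    for ev in events:
        user = ev["user"]
        # Rule 1: any attempt from outside the countries the agency expects.
        # A success suggests the credentials are already compromised; a
        # failure looks more like guessing or credential stuffing.
        if ev["country"] not in expected_countries:
            findings.append({
                "rule": "unexpected_country",
                "user": user,
                "ts": ev["ts"].isoformat(),
                "src_ip": ev["src_ip"],
                "country": ev["country"],
                "severity": "high" if ev["result"] == "success" else "medium",
            })
        if ev["result"] != "success":
            continue
        # Rule 2: impossible travel between consecutive successful logins.
        prev = last_success.get(user)
        if prev is not None:
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600.0
            dist = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            # Zero elapsed time with a real distance is treated as infinite speed.
            speed = dist / hours if hours > 0 else math.inf
            # The 50 km floor avoids flagging GeoIP jitter between nearby IPs.
            if dist > 50.0 and speed > max_speed_kmh:
                findings.append({
                    "rule": "impossible_travel",
                    "user": user,
                    "ts": ev["ts"].isoformat(),
                    "from": prev["src_ip"],
                    "to": ev["src_ip"],
                    "distance_km": round(dist),
                    "speed_kmh": round(speed),
                    "severity": "high",
                })
        last_success[user] = ev
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(parse_events(SAMPLE_AUTH_LOG)):
        print(json.dumps(finding))
```

On the sample data the script raises three findings: jdoe's successful login from Russia (unexpected country, high), the same login judged against the Washington-area login 28 minutes earlier (roughly 7,800 km, far above the threshold), and asmith's failed attempt from Iran (unexpected country, medium). Only successful logins advance the "last known location" used for the travel check, so a burst of failed attempts cannot poison it.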
When it comes to securing digital assets in the cloud, federal agencies have made a great deal of progress, but there is still room for improvement. By implementing these three best practices, federal agencies can build on what they have already accomplished and go beyond the baseline requirements of the FCCS to further develop their security practices.
Find the full article on Nextgov.