It’s Time to Get Cloud Smart about Application Security

F5 Ecosystem | September 30, 2020

In 2018 the Office of Management and Budget introduced a new strategy designed to provide organizations with a roadmap to migrate their applications to the cloud. Dubbed Cloud Smart, the guidance advanced the Federal Cloud Computing Strategy (popularly known as “Cloud First”) that was unveiled in 2017 by giving agencies “practical implementation guidance to fully actualize the promise and potential of cloud-based technologies.”

Where Cloud First essentially authorized agencies to begin their initial forays into the cloud, Cloud Smart seeks to lower the barrier to entry for cloud migrations. It provides solid guidance in three important areas: security, procurement, and workforce.

Cloud Smart security: Three things to know

Let’s focus on Cloud Smart’s security component. There are several facets that bear mentioning.

Cloud Smart emphasizes the need for Trusted Internet Connections (TICs). However, it acknowledges that traditional TICs have become “relatively inflexible and incompatible with many agencies’ requirements.” These agencies need a more agile and flexible solution to manage the flow of Internet traffic and offer even better security.

Cloud Smart also calls for organizations to do a full inventory of the applications they have in their environments. They’re asked to assess the need for those applications, where those applications live, what services they require to function properly and securely (load balancing, Web Application Firewalls, etc.), and more.

Finally, Cloud Smart advocates for continuous data protection and awareness. Specifically, the guidance suggests that agencies should place “protections at the data layer in addition to the network and physical infrastructure layers.” To help, Cloud Smart recommends implementing the Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized way of assessing security and continuously monitoring for threats.

Cloud Smart’s message is clear: the traditional definition of a network perimeter has eroded; applications are the new network edge. Indeed, we have entered into a new phase of digital transformation that is dominated by cloud services and multi-cloud applications. These applications rely on highly sensitive data that freely flows between on-premises and off-premises locations. This flow of information is attractive to hackers, who are continually seeking ways to exploit potential weaknesses in this environment. Data must be protected at all costs, whether it exists on-premises or off, and while it’s at rest and in transit.

Cloud Smart: More descriptive than prescriptive

But while Cloud Smart offers solid guidance for cloud application and data security, it is more descriptive than prescriptive. It does not get into specifics about how agencies should implement their security measures or which tools they can use to protect their data. That gives organizations a lot of leeway in the technologies they choose.

Many F5 customers—particularly ones that use a combination of on-premises and off-premises data centers—rely on Cloud Access Points (CAPs) and Virtual Data Center Security Stacks (VDSS). These technologies are sanctioned by the Defense Information Systems Agency (DISA), which has made them core components of its Secure Cloud Computing Architecture (SCCA). Together, they ensure that applications hosted in a cloud data center receive the same level of protection as those that are kept on-premises.

CAPs connect on-premises data centers with hosted cloud environments, essentially creating a secure conduit between the two. Users get dedicated connectivity to applications, regardless of where they’re housed.

A VDSS is a secure zone where customers host their entire security stack. It typically consists of Web Application Firewalls (WAFs) and Next Generation Firewalls to protect applications and data hosted off-site. Web traffic traverses this security zone before accessing the application itself. The zone protects the application from nefarious traffic or potential harm.

Smart solutions for Cloud Smart initiatives

Organizations need different solutions for security enforcement within CAPs and VDSS. They require solution sets that can provide bi-directional WAFs that use behavior analytics, bot defense, and data encryption to protect both hosted and on-premises applications. These solutions are ideal for securing and managing traffic to and from applications housed within colocation data centers.

In short, organizations need solutions that bolster their security postures and help them comply with Cloud Smart’s call for “confidentiality, integrity, and availability of Federal information as it traverses networks and rests within systems, regardless of whether those environments are managed locally, off-premises, by a Government entity, or by a contractor.”
