Securing SaaS: U.S. Government Weighs In On Security Controls
Taking the plunge into the cloud is generally a good idea for companies that are coming out of 20th century hibernation, where paper-based processes were the norm. Now, better alternatives exist, but the transition from older methods to new cloud-based services takes careful planning, something that can be made far easier if you’re working with a solid partner. Big data, cloud security, SaaS vs. On-Premise – these topics are hot in business technology at the moment, and with good reason; they signify a clear and immediate trend toward real-time data access and analysis. For those taking their first step into the cloud, security tends to be one of the foremost topics of concern, enough so that even the United States federal government recently released guidelines on how to minimize the risk of a security breach in a cloud-based environment.
“Our goal is to make it substantially easier to buy, sell, interconnect, and use cloud environments in the government,” NIST director Pat Gallagher said in a speech Wednesday during an event at NIST headquarters, as reported via an article from InformationWeek. “The roadmap will serve as our action plan, and we expect it not only to drive federal standards efforts, but because our needs are not unique in government, we think it will help the private sector as well.”
The federal guidelines offer more than 150 security controls in 16 categories that include access control, awareness and training, contingency planning, risk assessment and more. With security breaches consistently making the news for both public and private organizations, the government is setting standards and issuing reminders to new cloud customers that steps to protect data security can and should be taken ahead of a live deployment. Authentication protocols, encryption, and hardware-based security are just the beginning; developing a comprehensive plan to access the conveniences of the cloud while maintaining security can be challenging, which is why it’s important to partner with a cloud service provider that can inform, assist and fit well into a company’s long-term plans.