Government agencies are turning toward data encryption technology to supplement the network security standards in the Federal Risk and Authorization Management Program as some agencies remain wary of cloud, Federal News Radio reported Friday.
Jason Miller writes that chief information officers and chief information security officers at agencies are looking for clearer data protection measures, particularly regarding insider threats at both the agency and the cloud vendor.
International Trade Administration CIO Joe Paiva said Thursday that agency IT organizations are exploring cloud encryption gateways with private keys that allow only the agency to decrypt data and other tools that facilitate risk-based decisions on which data to encrypt and at what security level.
Rick Holgate, CIO at the Bureau of Alcohol, Tobacco, Firearms and Explosives, told Federal News Radio that agencies still must balance encryption with the need for cloud service providers to have some visibility into the data to improve the service.
He said that the bureau also worked to set a personnel security clearance procedure to address concerns about insider threats, Miller reports.
“[There] aren’t users who have access to all our data. There are users who are selectively granted access to a small part of our data for a limited amount of time,” Holgate noted.
Miller writes that other agencies are also considering agility, flexibility and additional capabilities when moving data to the cloud, while others cite challenges in the procurement model as a barrier in cloud adoption.