The Cybersecurity and Infrastructure Security Agency has highlighted the need for public-private partnerships to address the growing risks to cloud identity systems.
In a blog post CISA posted Tuesday, Clayton Romans, associate director of CISA’s Joint Cyber Defense Collaborative, said that while cloud providers have implemented security measures, nation-state-affiliated actors have exploited vulnerabilities in token authentication, key management and logging practices.
To mitigate the risks, cloud service providers are advised to harden authentication and authorization mechanisms, prioritizing improvements in token technology, secrets management, access control, logging and forensic capabilities. Enhancing security in token validation technology, secrets management systems and logging practices, however, presents complex challenges, Romans said.
Learn more about cloud computing and other cutting edge cybersecurity topics during Navy Chief Information Officer Jane Rathbun’s keynote address at the Potomac Officers Club’s 2025 Navy Summit on August 26 at the Hilton McLean!
Cloud Providers Gathered to Discuss Identity Security Practices
The JCDC is working with cloud service providers to address the challenges, including through the discussion of best practices for strengthening cloud identity security.
In June, CISA hosted the JCDC Cloud Identity Security Technical Exchange, during which 50 experts across the U.S. federal government and top cloud service providers analyzed core cloud identity security practices. The attendees included representatives from Amazon Web Services, Google Cloud, HashiCorp, IBM, Microsoft, Okta, Oracle, Wiz, the OpenID Foundation, the National Institute of Standards and Technology and the National Security Agency.
According to Romans, the exchange laid the foundation on how the agency can work with the private sector to improve the adoption of essential cloud identity security practices and enhance the resilience of critical cloud infrastructure.
Related Articles
The Senate Appropriations Committee on Thursday voted 26-3 to pass a bill that would appropriate $851.9 billion in discretionary defense funding for fiscal year 2026. Weapons Systems Procurement The committee said Thursday the proposed FY 2026 Defense Appropriations Act would allocate $171.3 billion for weapon systems procurement and $140.5 billion for platform research, development and testing. The measure includes a $280 million increase in funding for F-135 spare engines and an additional $500 million for F-35 sustainment spare parts; an additional $216 million for drone and counter-drone tech capabilities; $4.6 billion more for air and missile defense efforts; and a
NASA wants to team up with industry to develop advanced space technologies for future commercial or government use. The space agency on Wednesday issued an announcement of collaboration opportunity, or ACO, to solicit partnership proposals. Managed by the Space Technology Mission Directorate, the ACO gives industry partners access to NASA subject matter expertise, facilities, software and hardware to accelerate and enhance capability development. According to NASA, the ACO will be open for five years and will serve as an umbrella opportunity for topic-specific appendices that would be released every six to 12 months to address evolving needs. For the 2025
Robert F. Kennedy, Jr., head of the Department of Health and Human Services, and other government and healthcare technology leaders have committed to delivering a patient-centric digital health ecosystem. At an event hosted by the Centers for Medicare & Medicaid Services at the White House, over 60 companies pledged to collaborate and deliver results that benefit the public in the first quarter of 2026. Meanwhile, 11 health systems and providers said they will support patient use. Seven electronic health record companies pledged to facilitate data exchange. According to Kennedy, bureaucrats and entrenched interests have made health data inaccessible to patients,