July 31, 2024
Sponsored by Presidio Federal & IBM
Building and Securing a Multi-Cloud Environment to Modernize IT and Enhance Cybersecurity
Beau Houser, Chief Information Security Officer (CISO) at the Census Bureau, discusses the complexities and strategies involved in building and securing a multi-cloud environment for the Bureau. Houser highlights the pivotal role of the CIO in pushing for a consolidated IT approach using AWS, Azure, and Google Cloud, aiming to modernize and streamline operations while ensuring robust cybersecurity measures. He elaborates on the challenges and advantages of moving to cloud-native solutions, such as replacing a 50-server on-premise logging system with a Software as a Service (SaaS) model, which reduces maintenance but increases dependency on service providers. Houser also touches on the Census Bureau's progress in implementing zero trust principles, supported by the Department of Commerce's aggressive plan and industry-leading identity services. He notes the importance of visibility and collaboration among cloud service providers to maintain security, emphasizing the integration of advanced tools for resilient ecosystems. Looking ahead, Houser predicts that AI and quantum cryptography will play central roles in enhancing cybersecurity, ensuring that the Bureau's data remains secure in the face of evolving technological threats.
Key Takeaways:
- The Census Bureau is adopting a multi-cloud strategy involving AWS, Azure, and Google Cloud to modernize and consolidate IT infrastructure.
- Migration to cloud-native solutions simplified the technology stack by reducing maintenance but introduced dependencies on cloud service providers, highlighting trade-offs between simplicity and reliance.
- The Census Bureau is actively pursuing zero trust principles with significant collaboration within the Department of Commerce, and sees AI and quantum cryptography as pivotal technologies for future cybersecurity.
Enhancing Federal Citizen Services with Zero Trust and AI Innovations
Philip Carruthers, Cyber Domain Strategy Leader for IBM Public Sector, discusses the future of citizen services and data security within federal agencies. Carruthers emphasizes the need for a unified and secure approach to delivering citizen services, drawing parallels between interactions with federal agencies and private sector experiences with banks and utility companies. He advocates for the creation of a universal services branch to standardize and secure the delivery of these services, highlighting the importance of zero trust principles for both internal and external systems. Carruthers also explores the transformative potential of AI, comparing its current state to the early days of personal computing, and underscores the importance of establishing guardrails to manage its boundless potential. He stresses the need for agencies to collaborate with the broader IT community to navigate the complexities of AI and secure digital services. In addition, Carruthers discusses the role of digital twins and AI assistants in providing governance and support, suggesting a cautious and incremental approach to implementing these technologies to ensure trust and effectiveness.
Key Takeaways:
- Carruthers advocates for a universal services branch to standardize and secure citizen services across federal agencies, ensuring trust and consistency.
- There is a need for zero trust principles to be applied to both internal and external systems to protect personal and identity data.
- The transformative potential of AI and digital twins can be realized through a cautious and incremental approach to implementation that ensures secure and effective services.
Building a Resilient Multi-Cloud Strategy
Mark James, Executive Director of the Enterprise Cloud Services Division at the Customs and Border Protection (CBP), outlines the agency's approach to establishing and evolving a multi-cloud environment. He details how CBP began its cloud journey with essential services like email and IT service delivery before expanding into more advanced features such as AI, ML, and Kubernetes. James emphasizes the significance of maintaining a balance between public and private cloud solutions while avoiding vendor lock-in and ensuring data control. He discusses the importance of adhering to security standards like FedRAMP High and the integration of zero trust principles. James highlights the agency's focus on data security and the need for visibility and automation to manage threats effectively. He also addresses the challenges and strategies related to edge computing, noting that CBP's extensive and dispersed operational footprint requires robust security measures and efficient governance. Finally, James reflects on the necessity of organizational buy-in and the establishment of clear policies to guide the cloud migration process.
Key Takeaways:
- CBP's multi-cloud journey involved a phased and tiered approach, starting with basic services and gradually incorporating advanced features like AI, ML, and Kubernetes to enhance resilience and reliability.
- The agency prioritized security from the beginning, adopting FedRAMP's high standards and integrating zero trust principles to ensure robust protection for both internal and external systems.
- CBP's edge computing capacity is crucial for its mission, necessitating stringent security protocols and governance to manage and secure data across numerous remote locations efficiently.