What the EO Means for the Cloud
Cybersecurity and the Cloud Details
Presently, cutting-edge cybersecurity often
Regardless of the cloud model involved, the EO
and securing legacy IT can prove costly, difficult
technology in its agencies’ futures.
features IT modernization because maintaining and risky.
reveals that the federal government sees the
2. How will future cloud adoptions work for agencies?
Yet that does not mean every agency
has adopted cloud computing. The cloud
Since 2011, the Federal Risk and Authorization
decentralizes IT infrastructure to deliver
computer resources such as data storage ondemand. Although this format gives agencies unparalleled flexibility and scalability, cloud
migrations can take more effort than agencies initially realize.
Management Program (FedRAMP) has authorized which cloud products and
services can host federal data. By leveraging
FedRAMP’s cloud security standards, the Biden administration made the program one of its cybersecurity EO’s biggest stars.
Recognizing this, Biden’s EO prods agencies to
use the cloud while acknowledging some may
do so partially or not at all. While the EO hopes to
accelerate public-sector cloud use, it also covers securing computer systems on premises, in the cloud or a hybrid of both models.
No. 1 among the EO’s FedRAMP priorities is
leveraging a governmentwide strategy for
federal cloud security. This strategy will try to
ensure that agencies broadly understand the risks from cloud-based services and how to effectively address them.
1. Will all agencies have to use the cloud? According to the cybersecurity EO, different
A technical reference documenting secure cloud architecture is another goal. Once
agencies are at different stages of cloud
implementation. Consequently, the document’s various cybersecurity details can apply to onpremises, cloud-based or hybrid IT.
released, this resource will illustrate
recommended approaches to cloud migration
and collecting, protecting and reporting on data for agencies.
But the EO is also clear that the federal
Lastly, the order tasks FedRAMP with identifying
adoption. The EO not only calls for faster federal
to agencies based on incident severity. This
government wants to speed up its overall cloud cloud migrations, it even lists three potential models for agencies.
the cloud services and protections available
framework will also list the data and processing activities associated with these services
First up are Software-as-a-Service (SaaS) clouds,
and protections.
which license centrally hosted software on a
Together, these steps ensure that agencies can
(IaaS) clouds decentralize IT infrastructure, while
with FedRAMP’s expertise.
subscription basis. Infrastructure-as-a-Service Platform-as-a-Service (PaaS) clouds do the
adopt cloud quickly, securely and intelligently
same for computing platforms hosting agencies’ desired applications. 24
A GovLoop Guide
