Rapid adoption of cloud computing presents opportunities to revolutionize information technology (IT) operations. As with many technology trends, cloud computing was first adopted broadly in the commercial sector. In recent years, its adoption in the federal sector has grown significantly. Recognizing that not all cloud computing is equal, and to help ensure that information security is incorporated into solutions, the US government established the Federal Risk and Authorization Management Program (FedRAMP), which promulgated requirements for securing cloud environments used by federal agencies.
Migrating to a FedRAMP cloud environment does not eliminate agencies’ responsibility for maintaining information security controls over their cloud environments and the information systems operating within them. As federal agencies migrate to cloud environments, information security controls are often secondary to architecture design, application performance, workforce training, migration planning, computing and storage cost planning, and other concerns for IT management.
This paper explores the ways that organizations can remain ever vigilant in maintaining their data security structures and optimize their cloud security and controls through strategy-setting, organizational readiness, security and controls assessment, and workforce readiness.