NASCIO Midyear 2022: CISOs Make the Case for Consolidated Cloud Management

NASCIO Midyear 2022: CISOs Make the Case for Consolidated Cloud Management

DIR’s contracting requirements divide the responsibilities for service delivery among the agency’s clients, the public cloud administrator, and the public cloud provider. In general, the agency itself bears the most responsibility for infrastructure-as-a-platform offerings and the least burden for software-as-a-service solutions.

The data center supports direct connections to cloud solutions from Google, microsoft blue Y awsRainosek said. And DIR’s public cloud manager regularly assesses workloads to ensure delivery in the most cost-effective way possible.

Rainosek told a story about an agency that didn’t go through DIR to acquire some services during the height of the pandemic. The agency saved money, refused to hire specific security services, and suffered a distributed denial-of-service attack that took services offline. DIR stepped in to help. Rainosek suggested that agencies face significantly fewer such issues when they follow prescribed procedures and pool their resources in the combined data center with the state’s public cloud manager.

Pooled resources boost cybersecurity in state-owned companies

During the NASCIO Cloud Security Dashboard, Danielle Cox, West Virginia CISO described a cloud addendum that is automatically attached to every cloud computing contract executed by a state agency.

“It’s not just for our office technology purchases,” Cox said. “We work with our procurement office and privacy office to make this available to all state agencies.”

The addendum to the cloud computing contract stipulates the terms of how information is created, transferred, executed, stored and ultimately destroyed, Cox said. The appendix defines the responsibilities of the West Virginia Office of Technologythe cloud provider and the client agency.

Vendors occasionally challenge the addendum, but it is generally accepted. And the addendum sparks inter-agency conversations about protecting data throughout its lifecycle.

Arizona Deputy CISO Ryan Murray noted that the other CISOs had been focused on “cloud security or security within the cloud, but I’m going to talk about security from the cloud.”

Arizona Department of Homeland Security it’s moving all security tools that aren’t already in the cloud to cloud-based platforms, Murray said. The CISO was once housed within the Arizona Department of Administration as the CIO, but the state recently moved the office to Arizona DHS. The adoption of cloud-based tools supported this “decoupling,” as both the CISO and CIO turned to cloud providers to manage solutions, he added.

Within Arizona DHS, the CISO’s office focuses on providing security tools to state agencies and also plans to expand the availability of those tools to all cities and counties in Arizona. That goal would be “impossible” with an on-premises data center or perhaps even a private cloud data center, Murray said.

“Attracting tens of thousands or even hundreds of thousands of new users for our cybersecurity users will be critical to the success of this program,” Murray said.

Arizona hopes to combine several funding streams, including funds from state executive branch appropriations, federal homeland security grants, and upcoming Infrastructure Investment and Jobs Act grants, to pay for its government security support program. local, Murray added.

Verify more coverage from the 2022 NASCIO Midyear Conference and follow us on Twitter at @StateTechor the official Twitter account of the conference, @NASCIOand join the conversation using the hashtag #NASCIO22.

Leave a Comment