For many years, the U.S. government was hesitant about moving data and applications to the public cloud. Concerns around security were prevalent.
Yet, the benefits proved too great to ignore. Speed, scalability and agility enabled organizations of all sizes and industries to reduce capital expenditures and move to more predictable operations expense models.
Today, cloud has become a central proposition of IT spend in government institutions. In fact, the U.S. government is helping federal agencies accelerate their cloud efforts with the 2019 Federal Cloud Computing Strategy. Also known as Cloud Smart, it offers recommendations and guidance toward secure cloud adoption.
However, federal agencies still host many workloads and data in on-premises data centers. That’s often due to several challenges.
Data residency requirements around sensitive data restrict agencies’ ability to store or transfer these workloads into the cloud. Federal agencies must comply with the Federal Risk and Authorization Management Program (FedRAMP), which works to ensure that all federal data is secure in cloud environments. Organizations need industry solutions that can support FedRAMP-compliant environments.
Within the Department of Defense (DoD), additional compliance requirements such as International Traffic in Arms Regulations (ITAR) or the DoD Cloud Computing Security Requirements Guide (DoD CC SRG) often require the ability for cloud solutions to be hosted within an organization’s virtual private cloud (VPC) and within cloud service providers’ government cloud regions.
It’s also difficult and complex to keep up with the ever-evolving threat landscape. Especially as agencies move toward hybrid environments that mix both on-premises and clouds, it can be challenging to stay on top of threat detection.
Another challenge: Many federal agencies—same as organizations in the private sector—are struggling to attract and retain cloud security professionals. The dynamic nature of cloud presents new security considerations and requires a different skill set than securing and protecting on-premises deployments.
Getting to Cloud Safely
To address these issues, the Cloud Smart initiative suggests leveraging modern virtualized technologies. “This requires that agencies place an emphasis on protections at the data layer in addition to the network and physical infrastructure layers,” according to the Federal Cloud Computing Strategy.
That’s where FireEye Multi-Vector Virtual Execution (MVX) Smart Grid deployment fits in. And with FireEye’s newly available Amazon Machine Image (AMI), the network security solution enables organizations to extend intelligent threat detection from their on-premises environments to Amazon Web Services (AWS).
MVX Smart Grid gives highly security-sensitive agencies the ability to deploy the FireEye MVX engine within their own environments. This allows agencies to address data residency requirements while leveraging FireEye’s best-of-breed technology.
AWS AMIs makes it possible for agencies migrating to the cloud to use the same engineers, as well as machine learning and dynamic analysis capabilities, that they use in their on-premises environments. Think of it like a safe virtual environment, where malware is destroyed in a detonation chamber, but available within the private data center.
Federal agencies can deploy MVX Smart Grid to safely leverage and scale their cloud environments. The new virtual AWS image enables organizations to deploy FireEye’s advanced capability within their AWS virtual private clouds across commercial and AWS GovCloud regions. This deployment model allows the virtual appliance to inherit FedRAMP controls in the infrastructure-as-a-service (IaaS) environment and support local data sovereignty requirements.
At the same time, the automation inside the MVX Smart Grid engine helps IT staff stay on top of threat detection while reducing the likelihood of chasing false positives.
And if federal agencies are not quite ready to move to AWS, they can still gain the benefits of MVX Smart Grid in their on-premises data centers.
It’s the best of both worlds; the appliance allows FireEye federal network security customers to scale their analysis of on-premises environments to the cloud and extend visibility into their AWS cloud environments, rather than having to invest in more hardware.
Head over to our website for more information on FireEye cloud solutions.