A hybrid cloud is a consolidation of a private cloud and a public cloud. The reason for their growing popularity stems from their ability to offer multiple deployment models at once.
Gartner predicts that globally, almost half of all large enterprises will have deployed hybrid clouds by the end of 2017. That means we are in a defining moment wherein companies will begin planning to move away from private into hybrid clouds.
The challenge, though, is how to interconnect multiple clouds to work as a seamless whole. You don’t want a cloud for e-mail, another one for content management and development, and yet another for collaboration; especially if the clouds lack the capability to interact with one another. More importantly, the complexity between hybrid clouds introduces a new paradigm of cybersecurity vulnerabilities. But with a careful implementation of standards concerning how to perform governance and implement IT systems to protect data, securing the hybrid cloud becomes possible.
Establish industry-specific and federal security controls
The energy and utilities industry have The North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) controls, the financial sector has the Payment Card Industry (PCI) standards and the healthcare industry has to comply with security guidelines laid out in the Health Insurance Portability and Accountability Act (HIPAA).
We provide a set of cloud-specific controls and baseline security measures from the Federal Risk and Authorization Management Program, the federal government’s security accreditation program for cloud services and providers. FedRAMP standardizes the approach to security assessment, authorization and continuous monitoring for cloud products and services with a “do once, use many times” framework that is expected to reduce the cost, time and staff required to conduct agency security assessments of cloud solutions.
Our Solutions as a Service Secure Community Cloud or SolaS -- which consists of a community, private and hybrid cloud -- is built to meet the government’s Federal Information System Management Act (FISMA) security guidelines at the Moderate Security Level and FedRAMP certification. SolaS received the FedRAMP Joint Authorization Board’s provisional authorization to operate, which is the most rigorous approval, and involves a thorough review by chief information officers of the General Services Administration, and Homeland Security and Defense departments.
As a cybersecurity company, Lockheed Martin not only meets the FedRAMP requirements but has also layered in specific security controls developed by the company.
We are working with companies in the energy, finance, healthcare and education sectors to identify similar baselines they can use to deploy trusted cloud services within their domain space.
I believe we will start to see a more significant adoption of the hybrid cloud as the industry-specific controls and the government-specific controls are extended to the cloud. At this point, commercial entities can start to consume each other’s cloud services in a more trusting environment, and in a manner similar to the way agencies share data with FedRAMP.
At Lockheed Martin our approach towards the hybrid cloud and security is in lock-step with the bottom line in the commercial space- to understand how to use, secure and bundle services across multiple environments and make it seamless to their customers