We’ve heard for some time how each year is going to be the “Year of Cloud Computing,” but only in 2015 did we really see the momentum start to build in the public sector since the Cloud First Strategy was announced in 2011. We expect cloud adoption to grow exponentially over the next five years with it providing an incredible opportunity for Federal CIOs to purchase a broad range of IT services on a utility-based model. This model enables them to increase operational efficiencies, resource utilization and innovation across their IT portfolios, which is a great return on investment.
As noted in Trend Micro’s “Follow the Data” report, government organizations were the third most targeted industry, behind healthcare and education, making up 16 percent of all data breaches between 2005 and 2015. This research also noted a clear pattern – while the number of attacks has grown steadily, the level of sophistication and volume of compromised data has grown exponentially. The top three breach methods include loss or theft, unintended disclosures, and malware attacks, which can be attributed to the growing criminal underground, the thriving deep web and an increase in the skill sets of criminals. Just as the rising tide lifts all boats, the deep web has lifted the capability of cybercriminal networks, hacktivists and even cyber espionage groups, and has enabled them to automate and orchestrate cyber attacks with lethal efficiencies.
Historically, federal agencies have had significant challenges in deploying information security controls, threatening the confidentiality, integrity and availability of critical information and high impact systems used to support their operations, assets and personnel across multiple platforms. As enterprises and the critical data they contain become more diverse, Federal CISOs are forced to automate and orchestrate their own defenses to meet the growing cyber threat and keep their systems safe. However, it isn’t easy, of course, with shrinking budgets, internal skills gaps and strict compliance requirements to meet.
This is why we’re proud to announce that Trend Micro™ Deep Security™ is now included in a new AWS Quick Start reference deployment. The new solution is part of AWS Professional Services Enterprise Accelerator – Compliance, a program that assists federal agencies and other customers to comply with the National Institute of Standard and Technology (NIST) high impact security control requirements (NIST SP 800-53(rev4)) in the AWS cloud.
It’s a big win for federal sector CIOs and CISOs with designated high impact systems, providing a secure and compliant glide path for cloud adoption. Until now, high impact systems have been restricted to private clouds. With this Deep Security’s inclusion, time and effort can be radically reduced, even in hybrid environments – allowing federal agencies to focus on their actual task loads without the added worry of compliance and security.
The upgraded package includes: a deployment guide, CloudFormation templates for automation, and a security controls matrix. These describe how NIST SP 800-53 controls are addressed at an infrastructure layer with AWS controls, as well as how many additional high impact security controls at the workload layer, such as apps, data and operating systems, are addressed by Deep Security.
To access these new AWS Quick Starts, go to the Quick Start Reference Deployments main page, and scroll down to the Compliance, security, and identity management section.
For additional information, please visit www.trendmicro.com/aws.