The key to secure use of cloud computing is shared understanding of the division of security responsibilities between provider and government client, and the ability to verify that both are meeting their responsibilities.
Cybersecurity in the Cloud
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
Given the security changes that result from deploying a cloud-based approach, Federal IT leadership should understand the risks and potential mitigations. While private clouds incorporate new technologies into the IT stack that need to be secured, community and public clouds additionally introduce risks due to reduced control and visibility. With these deployment models, the key to secure use of cloud computing is shared understanding of the division of security responsibilities between provider and government client, and the ability to verify that both are meeting their responsibilities. The Federal Risk and Authorization Management Program (FedRAMP) provides information and services to assist government organizations to understand and verify cloud service provider security practices.