The National Science Foundation (NSF) is well along with its cloud adoption plans, and eyeing several key security-related milestones over the next couple of years, explained Chezian Sivagnanam, NSF’s chief enterprise architect, at Jan. 26 virtual event organized by FCW.
While Federal agencies have been moving toward adoption of cloud services in recent years, many including NSF have implemented a multi-cloud architecture. Cloud services are crucial to NSF’s larger IT vision, Sivagnanam explained.
“We want to implement cutting edge IT solutions to enable the agency to remain agile and thriving in an ever-changing landscape,” he said.
But one big challenge, Sivagnanam said, is blending different types of cloud service models to provide access to needed data, while at the same time protecting an expanded attack surface created by the large number of agency employees who are accessing the data remotely.
“The move to a multi-cloud architecture has created a new challenge,” and “securing privileges and reducing risk are becoming more complex,” Sivagnanam said.
The last couple of years has shown that there has never been more demand for cloud-first identity management solutions to secure and protect the hybrid IT infrastructure and data, including human and machine identities, he explained. As such, NSF has set a series of security-related goals.
On the security front, NSF this year is responding to requirements in President Biden’s cybersecurity executive order to create zero trust security architectures, he said.
The agency also plans on including IPv6 compliance across applications and its infrastructure by Fiscal Year 2023. Also next fiscal year, NSF plans to institute agency-wide multifactor authentication. And by FY2024, is targeting that its multi-cloud architecture will have fully protected applications, he said.