U.S. DEPARTMENT OF HOMELAND SECURITY

SECURE CLOUD BUSINESS APPLICATIONS

(SCuBA) TEAM

Increasingly, both the federal government and the private sector are using cloud computing for many facets of business operations, e.g., email; data creation, storage and access; transmission; and collaboration. This widespread cloud migration was precipitated by the need for government agencies and private entities alike to lower operating costs and increase availability of their data.

 

But with the adoption of cloud environments come new cybersecurity risks. In fact, cybercriminals are updating their attack methodologies to successfully penetrate cloud cybersecurity defenses. In March, a study released by a prominent cybersecurity firm shows cloud-based attacks nearly doubled in 2022. To further illustrate the concern, the federal government recently announced its intention to regulate the security practices of cloud providers, stressing that interruption of cloud services “could create large, potentially catastrophic disruptions to our economy and to our government.”

 

Even before the recent movement to strengthen cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) was already developing and delivering to all organizations—government and private alike—cloud security guidance and products that are helping them enhance protection of their cloud assets. CISA applied targeted funding provided by the American Rescue Plan Act of 2021 to launch the Secure Cloud Business Applications (SCuBA) Project and charged it with strengthening federal cloud networks from future cyberattacks similar to the SolarWinds compromise. This critical project is developing consistent, effective, modern and manageable security configurations and resources that secure information assets created and stored within cloud environments managed by federal agencies and by private entities as well.

 

The SCuBA Project’s security guidance and products are protecting American citizens in three ways. First, its security enhancements have been adopted by numerous federal and state agencies that provide direct services to citizens. Second, SCuBA’s recommendations are protecting the systems on which federal and state agencies are conducting the people’s business. Third, the SCuBA cloud security recommendations have been implemented by many private-sector companies and organizations that Americans do business with online every day. Taken in total, SCuBA’s efforts significantly are raising the security of cloud services that Americans rely on to acquire services and products from government and private entities.

 

The SCuBA team has released and is continuing to develop a series of security guidance and resources that will help all public and private entities better secure their cloud environments.

​

While the SCuBA Project’s initial intent was to improve the cloud security of federal agencies, CISA is recommending all organizations implement the project’s security guidance. Many private-sector organizations responded by applying the security guidance to better secure their cloud-based assets. By releasing all the SCuBA security guidance and tools to government entities—including federal, state, local, tribal and territorial agencies—and private-sector organizations, its users are better positioned to protect their sensitive cloud-based information assets. And, because of the game-changing security guidance delivered by the SCuBA Project and ongoing adoptions by public and private entities, Americans can take comfort knowing the security of their information stored in the cloud is much stronger than it was just a year ago!