Agencies need constant monitoring controls and practices at the planning stage to be able to enjoy worry-free sharing of data, Stu Fleagle, vice president at Carpathia Government Solutions, said Tuesday.
“Information security cannot be an afterthought when building applications and systems. If it is, it’s too late,” Fleagle said.
“Similarly, if you are thinking about being compliant with all of the required government regulations after you build something, it is too late,” he added.
The executive noted on the firm’s blog that with the ever-changing threat landscape, a static approach to security and privacy might not be an ideal route.
He says FedRAMP, which has already begun revisions months ahead of cloud vendors’ June 6 deadline to comply with its security control baseline, illustrates this fast-paced environment.
“What’s needed is a defense-in-depth approach that can defend against and respond to inside and outside threats,” Fleagle said, concluding, “The price for being able to share data securely is being perpetually vigilant.”