David Egts, chief technologist for Red Hat’s public sector, has said federal information technology leaders should take responsibility for ensuring the security of their agencies’ public cloud platforms.
Egts wrote in a GCN guest post published Tuesday that agency IT professionals seeking to secure applications in software-as-a-service cloud environments should correctly establish content permissions and regularly examine those permissions.
“Administrators should enforce the ‘principle of least privilege’ by configuring SaaS tools so that read and write permissions are granted only to those who need them,” Egts noted.
He also called on government IT administrators to screen and remediate container images to address security vulnerabilities in platform-as-a-service environments, and to collaborate with development teams to facilitate the automation of security checks through the use of DevOps techniques.
Agency IT teams that aim to secure infrastructure-as-a-service platforms should fully patch operating systems and ensure that those systems comply with security baselines.
Egts said federal IT administrators should implement multi-factor authentication and automate IaaS environments to prevent incidents related to human error.
“Administrators can use dashboards and remote command tools to easily monitor their automated infrastructures and quickly fix security issues,” he added.