Many federal agencies rushed into deals and deployment of cloud services to allow telework, and now Matthew Scholl of NIST’s Information Technology Laboratory and Michael Duffy of CISA want them to make sure they know who is responsible for the security of these platforms. Each stressed the need to stay continually engaged with the cloud service provider, with Scholl noting “cloud migration is not a set it and forget it. Sit down with your providers to make sure you fully understand where those breakpoints are, what those hybrid parts are, what those shared responsibilities are, and who’s doing what.”
