Striking the balance: Mission access and cybersecurity in cloud environments

Frank Reyes

Michael Sieber


Smartly migrating data to the cloud is an imperative for all of government, but shifting sensitive, mission-critical data into the cloud can be a security concern for federal agencies such as the Department of Defense (DoD).

Many federal agencies, including DoD, are transitioning to hybrid cloud environments that use on-premises infrastructure in addition to cloud infrastructure, which raises questions about how to balance operational performance and cloud security. When working with different cloud service providers (CSPs) and systems integrators, agencies often have questions such as: Who is responsible for securing data, and when? How are security controls put in place? How should stakeholders balance mission access and cybersecurity?

If downrange access to data is difficult, users might struggle to access the critical information they need at the speed of mission relevancy. On the other hand, freely accessible data has its risks, especially for sensitive missions.

Managing sensitive data in the cloud to meet security and mission objectives requires a balance between cloud policies, where users can access the data they need to accomplish their mission, and robust security policies ensuring mission-critical data is protected.

The role of cloud security policy

Most cloud security breaches come from misconfigurations that are discovered and exploited, and that end users are typically unaware of. Federal agencies need top-down policies and education to ensure configuration management and compliance to guard against developmental errors.

A zero trust approach will improve cybersecurity by setting rules and conditions for how data is accessed. For example, if a system administrator needs keys to access data, policies need to be in place to ensure they can demonstrate a legitimate need for the keys, a defined period for access, and a specific use for the data.
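The key-access rule described above can be expressed as a default-deny check. The following is an added example, not code from the article or from Maximus; the names (`KeyGrant`, `issue_grant`, `authorize`), the 8-hour ceiling, and the sample admin, key and ticket values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_GRANT = timedelta(hours=8)  # assumed policy ceiling, not from the article


@dataclass(frozen=True)
class KeyGrant:
    admin: str
    key_id: str
    justification: str   # the demonstrated need (e.g. a ticket reference)
    purpose: str         # the single use the key is released for
    not_before: datetime
    not_after: datetime  # end of the defined access period


def issue_grant(admin, key_id, justification, purpose, start, duration):
    """Refuse to issue a grant that is missing any of the three conditions."""
    if not justification.strip():
        raise ValueError("no documented need")
    if not purpose.strip():
        raise ValueError("no specific use stated")
    if not timedelta(0) < duration <= MAX_GRANT:
        raise ValueError("access period missing or too long")
    return KeyGrant(admin, key_id, justification, purpose, start, start + duration)


def authorize(grants, admin, key_id, operation, now):
    """Default deny: allow only inside a matching, unexpired, in-purpose grant."""
    reason = "no grant on file"
    for g in grants:
        if (g.admin, g.key_id) != (admin, key_id):
            continue
        if not g.not_before <= now < g.not_after:
            reason = "outside granted period"
        elif operation != g.purpose:
            reason = "operation not covered by grant"
        else:
            return True, f"allowed under {g.justification}"
    return False, reason


def demo():
    """Constructed sample: one 2-hour grant, four access attempts."""
    t0 = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)
    grants = [issue_grant("admin-a", "key-1", "TICKET-0001 (constructed)",
                          "decrypt-backup", t0, timedelta(hours=2))]
    half, late = t0 + timedelta(minutes=30), t0 + timedelta(hours=3)
    return [authorize(grants, "admin-a", "key-1", "decrypt-backup", half),
            authorize(grants, "admin-a", "key-1", "export-key", half),
            authorize(grants, "admin-a", "key-1", "decrypt-backup", late),
            authorize(grants, "admin-b", "key-1", "decrypt-backup", half)]
```

Only the first attempt in `demo()` is allowed; the others are denied for wrong use, expired period, and absence of any grant, and each denial reason is suitable for an audit log.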

Effective cloud security comes down to building good security habits within an organization, such as designing cybersecurity at the front end of the development process (i.e., DevSecOps) and adopting zero trust principles. Automation and artificial intelligence (AI) can improve security processes while accelerating responses to intrusions and bad cyber actors.

According to Verizon’s 2023 Data Breach Investigations Report, 74% of data breaches are due to human error, regardless of whether that data resides in the cloud or in on-premises data centers. To address this, we emphasize the need for thoughtful cybersecurity policies, cyber awareness training, and a holistic approach to cloud security.

Tailoring cloud security with industry partners

As DoD standardizes cloud adoption through the Joint Warfighting Cloud Capability (JWCC) contract vehicle, balancing security responsibilities with different CSPs within a shared security model will be critical for mission success.

Depending on the cloud operating model being implemented (SaaS, PaaS, or IaaS), the shared security responsibility will vary for agencies and offices within DoD. For example, the DoD may find efficiencies in inheriting CSP security controls and in having CSPs maintain responsibility for control operating system upgrades and assume responsibility for routine scanning and patching.

Allowing CSPs to be responsible for the lower-level cloud security risks and to address vulnerabilities as they appear helps organizations minimize their IT tasks and improve remediation.

This approach then allows the DoD to focus on highly specific security needs, such as threat-hunting capabilities, controlling how new workloads are stood up, and tailoring identity, credential, and access management (ICAM) policies to protect sensitive data as it moves through the tech stack.

DoD in the cloud

Implementing one consistent ICAM policy across the board can help defense agencies meet 2027 zero trust goals. This includes controlling who can stand up new workloads and implementing appropriate security measures around those workloads.

Key takeaways for DoD

  1. Refine configuration management. Know the policies you want to have and enforce them holistically throughout your organization. 
  2. Build natural cloud security habits. Start with actionable cybersecurity policies, then get the people in your organization comfortable with working in the cloud and using cloud security features.
  3. Leverage the full capabilities of the native cloud tools to successfully build out a secure cloud.

DoD can accelerate their journey in cloud security by partnering with a systems integrator who can align technology, processes, and policies for secure, modern cloud solutions that maximize mission impact and operational excellence. Defense networks will continue to be top targets for bad cyber actors. Thoughtful systems integration across the board helps ensure robust cloud security.

To learn more about Maximus’ defense practice, visit maximus.com/defense. For more information about Maximus’ cloud solutions, visit maximus.com/secure-cloud.

About the authors

Frank Reyes, Managing Director, Software and Infrastructure Capabilities

As a business leader and technologist, Frank Reyes works closely with federal government customers to understand their challenges and deliver appropriate solutions. Frank oversees Maximus’s development of secure hybrid cloud solutions and cloud native applications to ensure that agencies provide their services in a modern and secure way.

Michael Sieber, Senior Director, TCS DoD and Cloud

After spending more than 24 years of service in the Department of Defense (DoD), Col. Michael Sieber (U.S. Army, Ret.) now leads Maximus security programs for mission-critical defense IT systems, applications, and data.
