CoSo Cloud: Good Enough for the Military

by Rob Porter

November 7, 2022

Unsurprisingly, the US government has high standards for the security of the cloud services its departments and agencies are able to use. CoSo’s wheelhouse is serving customers with “high consequence” use cases. High consequence can mean many things in different industries, but there are few environments that are as fundamentally high consequence as those in the Department of Defense (DoD). What we mean as high consequence are catastrophic results if any information is compromised.

That’s why it’s a feather in our cap to have announced that CoSo has achieved Defense Information Systems Agency (DISA) authorization to operate (ATO) at the Moderate+ Impact Level Four (IL-4). CoSo previously attained DISA Impact level (IL-2) certification for federal government agencies. The new IL-4 certification makes CoSo the only Adobe Connect partner to be in compliance with the Department of Defense’s strict requirements for the government’s most sensitive, Controlled Unclassified Information (CIU) in cloud computing environments.

DISA assists DoD agencies and departments in planning and authorizing the use of a Cloud Service Operator (CSO) while ensuring they meet DoD cloud security requirements. FedRAMP authorizes Cloud Service Providers (CSOs) at low, moderate, moderate+, and high impact levels. The DoD IL-4 is a certification that allows processing and storage of Controlled Unclassified Information (CUI) or Non-CUI, Non-Critical Mission Information and Non-National Security Systems.

In addition to the departments of the Army, Navy, Air Force and Marines, the DoD also allows other agencies including the NSA, CIA, DIA and other “3-letter agencies” to leverage the strict assessments, vetting, and approvals they have granted, to contract with those vendors who have successfully achieved each respective level. Lives and indeed global security are dependent on controlling and securing the information these departments and agencies transmit through any cloud service.

What’s “high consequence” for you?

Not every organization handles military and national security information of course, but CoSo’s IL-4 certification can still benefit other high consequence use cases, regardless of the magnitude of the disaster a security breach might cause. Only federal government agencies are allowed to participate in either DISA’s Impact Level or GSA/NIST FedRAMP programs. HOWEVER, CoSo adopts the same security controls, processes, and other safeguards in our commercial data centers as we do in our federal ones.  So in addition to government agencies, other industries can benefit such as healthcare, financial services, pharma, etc. Corporate espionage or even accidental leaks can sink a business—an outcome that may well be worse than fines from regulators.

In fact, most breaches come not from malicious activity but from employee accidents. Something as simple as taking a screenshot during a virtual meeting can lead to a high-consequence data breach for private industry as well as government agencies. Obviously the phish and ransomware risks are widely known. Particularly since the world has begun to work more from home, virtual training security has taken a hit with many participants connecting over less secure home networks and consumer ISPs rather than from within the more secure corporate networks.

In addition to enabling federal agencies to work better with Adobe Connect, CoSo’s IL4 classification makes it possible for state and local agencies to also leverage the higher security infrastructure using the same CoSo data centers that have achieved this higher level of government authorization.