In a Request for Information released Monday, the consolidated city and county of San Francisco hopes to learn more from tech companies on citywide cloud security. Geographically, the local government covers nearly 47 square miles. Among the takeaways:
- The city/county seeks “to establish a Citywide Cloud Security program focusing on protecting against cyberattacks Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS),” it said in the RFI, by standing up a “comprehensive solution that secures city cloud-based technology hosted externally at major cloud providers.” The city’s cybersecurity team therefore wants to hear from vendors that provide “robust, automated, and comprehensive cloud security assessment and management tools” capable of supporting the local government’s objectives around slashing risk and vulnerability on public cloud platforms.
- A major part of the initiative centers on “detection and remediation of cloud platform misconfigurations,” per the RFI, and the ability to “audit access control, and deploy secure cloud technology.” The city cybersecurity team’s goals include gaining visibility into public cloud workloads and identifying and remediating “misconfigurations, vulnerabilities and threats” to city cloud systems and networks. The team is focusing on securing city departments and the extended enterprise “with an emphasis on cloud deployments, serverless applications, and containerized systems.” It seeks “information to determine how to proceed in formalizing cooperative agreement(s) with potential partners.”
- It’s not yet clear whether this RFI will lead to a Request for Proposals. The city said that may happen, and if so, this information collected would inform an RFP. The city reserves the right to invite vendors to demonstrate projects and respond to questions at a later date. The term and value of any eventual contract are thus also unclear. Responses to the RFI are due by 2 p.m. Nov. 16.
