Security has always been about identifying who or what can be trusted to access data, and what they can do with that access
Security has always been about identifying who or what can be trusted to access data, and what they can do with that access. Early enterprise networks used a "strong walls" approach: a single perimeter, akin to a moat around a castle, served as the boundary at which trust was granted. In other words, gaining access to any point inside the perimeter was sufficient to establish trust, and anyone outside the perimeter was untrusted. This approach is still widely in place today, but it has fallen behind in adequately securing networks and data in the modern technology landscape.
Increasingly sophisticated adversaries, intentional or unintentional malicious insider behavior, and new challenges such as cloud computing and bring-your-own-device (BYOD) policies have made the task of securing data against threats progressively more difficult.
The “gold standard” among risk management frameworks is NIST’s CSF, and its operational implementation is found within the FedRAMP program
Today, the “gold standard” among risk management frameworks is NIST’s CSF, and its operational implementation is found within the FedRAMP program. The NIST CSF is widely recognized as an effective security framework for both private and public organizations, helping them move from a reactive to a proactive stance on risk management and overall security posture.
Commercial organizations are increasingly adopting the risk management framework (RMF) found in the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF). This is the approach that should be taken by every organization that is truly concerned about securing its data.
The core of the NIST CSF contains five functions:
- Identify
- Protect
- Detect
- Respond
- Recover
These functions were chosen because they help organizations communicate how they manage technological risk and enable informed risk management decisions.
The Identify function involves developing an in-depth understanding of the organization and its systems, data, people, and assets, allowing the organization to focus and prioritize its efforts.
The Protect function acts as an outline for effectively ensuring the safety of assets and the delivery of services, with the aim of limiting the likelihood or impact of a cybersecurity event.
The Detect function is critical should a cybersecurity event occur, as it covers the activities capable of identifying the event and allowing for prompt discovery of the attack.
The Respond function describes how best to contain the impact of a security incident so that it does not escalate into a major issue.
Lastly, the Recover function covers the activities appropriate for restoring any impaired capabilities or services, so that the organization can return to normal business operations as quickly and smoothly as possible.
The NIST CSF is suitable for organizations of any size to implement, since a consistent and well-detailed methodology for managing cyber risk is imperative for all of them. Additionally, because the framework is outcome-driven, it scales well: it was designed with all types of data infrastructure in mind and is extremely versatile.
In today’s environment, organizations should require, in fact demand, the highest level of security
In today’s environment, organizations should require, in fact demand, the highest level of security. FedRAMP High is the optimal implementation of the strictest NIST standards.
As you face challenges with your current cloud services, you need to look for a robust enterprise solution for securing your data. The CyCloud platform provides that solution as a practical implementation in full alignment with the NIST and FedRAMP High framework for enterprises.
