Managing Cyber Risk by Monitoring and Managing Network Elements
By: Matthew Vulpis
Originally published on Cloud Computing Magazine
Late last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a report entitled “Modernizing Cybersecurity Programs,” which was provided to Members of Congress. 2020 was a year of unprecedented attacks on networks, systems, applications, and devices as the COVID-19 pandemic raged across America and around the world.
CISA continues to lead the civilian government-wide effort to improve cybersecurity operations, including agencies’ visibility into their networks (in both cloud and on-premises environments), so they can detect and respond to cybersecurity incidents immediately and efficiently.
CISA conducts research and pilots as part of its mandate to improve its National Cybersecurity Protection System (NCPS) and Continuous Diagnostics and Mitigation (CDM) capabilities.
CISA works closely with the Federal Risk and Authorization Management Program and other agencies, including the U.S. General Services Administration (GSA), to ensure that when contracting with cloud providers, agencies can use government-wide security clauses to obtain better data protection.
This most recent report focused a great deal on the impact of virtualization and cloud on both tenants (agencies) and Cloud Service Providers (CSPs), and on the cloud security access brokers (CSAB) that serve as sources for agencies’ hardware, software, infrastructure, and security services.
“CISA is committed to consistent and continuous improvement of security operations at federal civilian agencies and is adapting the current capabilities of CDM and NCPS while also planning for long-term capability enhancements,” the introduction to the report reads. “CISA also is working with the Office of Management and Budget to evaluate the current state of cybersecurity operations across the Federal Government and to identify and standardize the core security operations centers (SOC) capabilities offerings in the agencies. Based on their specific needs and availability of internal capacity and expertise, agencies eventually will be able to decide whether to supplement their existing capabilities with individual, third-party-provided SOC services or to migrate their SOC operations to a SOC-as-a-Service model.”
The ongoing federal transition from on-premises architectures to cloud-computing models creates the same fundamental shift for government entities as it does for commercial enterprises, educational institutions, NGOs, and Non-Profits.
Given the complex and increasingly disparate nature of cloud computing, this transition affects the location, means, and methods of protecting agency data. When agencies adopt a data-centric security approach, in which data itself is conceptualized as an asset, it necessitates an evolution in the ways by which agencies protect data, regardless of its location.
An updated report will come later this year and will include, for example, a focus on Identity, Credential, and Access Management, which will allow agencies to focus resources on strengthening cloud access to data assets over secure networks, and will outline fundamental principles, challenges, and recommended practices for protecting identity assets and infrastructure in cloud environments.
We asked Orhan Yildirim, CTO of Ironsphere, about the evolution of network element management, a practice some refer to as telemetry within large data centers and other locations, and he said, “Like every large enterprise, service provider, cloud service provider, and managed service provider, the government knows it needs a flexible environment that can anticipate and respond to evolving cyber threats. We are seeing a new level of cooperation and collaboration in the cybersecurity tech ecosystem, as solution providers, including Ironsphere, invest in and leverage the rapid advancements of cloud-based technologies that enhance the productivity of cyber analysts responsible for ensuring assets are fully protected.”
Given the fragmentation caused by so many products and applications spread across edge and core computing, Yildirim applauded CISA’s ongoing efforts to identify new capabilities and approaches for protecting government networks.
“Especially when more employees are working remotely, and as more data and computing is moving to the cloud, network element management is mission-critical. Our clients, including large global banks and multinational service providers, are on a continual journey with us to modernize the corporate network and enable the next generation of technology, and are seeking innovative ways to protect assets by automating direct access,” Yildirim said.
Yildirim sees infrastructure as a utility because it is always on and must be highly scalable, resilient, and high-performing. “As organizations and as an industry, we must constantly improve the way people and systems interact with services and data, and that starts with ensuring only authorized analysts and others can access machines. It would be impossible to do this, especially as massive digital transformations are underway, without an automated solution based on Zero Trust.”
Big challenges include an Internet-first mindset: the public Internet is the single most profound enabler of mobile-first, cloud-first technology. Given the cost difference between wireless and wired networks, security must also work with devices connected wirelessly, including radio access networks (RAN) and increasingly 5G networks, which use spectrum to bring private networking (P-LTE) to enterprises and organizations.
“We must embrace an automation everywhere paradigm,” Yildirim said. “The most efficient and secure enterprise networks can be run with as little human interaction as possible, and when human interaction is required, automating credentials to ensure only privileged users gain access is the only way forward. Automation enables flexible network connectivity modifications based on policy designed to protect elements and ensure the security of valuable data.”
We have all found ourselves in a different world of work given the events that have defined 2020, and few professionals are feeling the pressure more than IT and OT teams.
Just as cyber risks evolve, the evolution of risk appetite frameworks is more active than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile workers, more ecosystem partnerships, and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”
Two-factor authentication has been around for decades – requiring an additional step beyond entering a username and password (for example, entering a one-time security code sent to a mobile device) – to access applications, systems and data.