Data Protection

Transforming Security for our Next Generation Systems

David Edborg By David Edborg Portfolio Manager, Business Resiliency April 25, 2017

Cyberattacks on IT assets are reaching new highs. Just when you think you are caught up, another unforeseen attack vector has opened.  Look at just about any security architecture – it has been implemented slowly over time in a piece-meal fashion; leaving a mix of old and new technologies and overlapping parts and pieces, with few pieces talking to each other.

CISOs looking across their security architectures can only hope their solutions will withstand the onslaught of a cyber-attack.  A scary proposition indeed.  Recently, a CISO for a large financial services organization shared that his security architecture is composed of over 190 products. Despite this, he still feels vulnerable.

How do you manage 190 security products?  Can you imagine the overlaps and the potential for gaps?

The US National Institute of Standards and Technology published a Cybersecurity Framework, also called the CSF and just released a draft for the next version.

The Cybersecurity Framework was developed to “enable organizations to apply the principals and best practices of risk management to improve the security and resilience of critical infrastructure.” The original CSF was released in 2014 and consolidates security research, international standards, and best-practices into a comprehensive protection guide.

At a high-level, the framework has five functions, and under these functions are categories and sub-categories.

I’ll leave it to you to read the full details on the NIST Cybersecurity Framework site, but essentially the five functions boil down to:

Identify—understand your assets, risks, governance, and create a cyber-risk management strategy

Protect—protect the assets, train your people, and keep up on maintenance

Detect—create the processes and implement the technologies to detect cyber mischief, and monitor for anomalies

Respond—develop a cyber-incident response plan and continue to improve

Recover—develop a recovery plan, test it, and continue to improve

The CSF is a great way to organize approaches to cybersecurity – although at the lowest levels of the framework, reference standards and tiers of implementation, are enormously complex.  One of the collaborators of the Cybersecurity Framework explained at the February 2017 RSA Conference that the latest CSF pointed to over 120 security controls in these areas.  Yikes!!! There’s got to be a better way.

We have made 2017 the year of Security Transformation. Now is the time to prioritize your organization’s cyber-security practices and evolve to combat new threats. We are joining the expertise of RSA, SecureWorks, VMware, and Dell EMC to produce adaptive security products and services to help you lead your security transformation.

 

David Edborg

About David Edborg


Portfolio Manager, Business Resiliency

David originally joined EMC (now Dell EMC) in 2005 and is currently the Portfolio Manager for Dell EMC Business Resiliency Services. Over his career at Dell EMC, David has served as a Global Practice Manager for Availability Technologies, as an Availability Services Solutions Principal, and as the Chief Architect for EMC’s Continuous Availability Services Line.

David has over thirty years in the computer security and disaster recovery industries. Out of college David worked as an IBM Assembler coder and wrote operating system mods for ACF2/VM; the first ever security product for IBM’s Virtual Machine OS. He has worked with other vendors and partners in the DR industry, including supporting recoveries from the 9/11 event. David has also worked in the packaged software industry as Director of Development and Support for a computer security product.

Read More

Share this Story
Join the Conversation

Our Team becomes stronger with every person who adds to the conversation. So please join the conversation. Comment on our posts and share!

Leave a Reply

Your email address will not be published. Required fields are marked *