We established in our last blog that organizations are under constant attack and that the type of threat we need protection from is changing and evolving every day.
We need to focus on keeping our businesses operating in the face of this persistent threat. How do we plan for threats we haven’t even seen yet? Our answer is resilience. Rolta AdvizeX builds resilience into your organization to protect what matters most for your operations.
Leveraging industry standards like the CIA triad and the NIST Cybersecurity Risk Management Framework, Rolta AdvizeX has built a straightforward model that focuses on protecting what’s most important to your organization. The majority of attacks today are focused on getting to your sensitive or regulated data, so our model focuses on that pain point. We call it the Data Centric Security Model (DCSM).
There are 5 layers to the model. If you build security controls into each of these layers, relative to your sensitive, regulated, and/or critical workflows, you will enhance resilience and be ready to weather the raging storm of cyberattacks. Here’s a quick look at each of the layers, working from the center and moving outwards.
- Data—Your most sensitive data needs to be encrypted at rest and in some cases of extreme sensitivity, encrypted while in use as well. Your data must also be recoverable. You can avoid the impact of compromise by maintaining a pristine copy of your data.
- Identity—You need strong authentication and authorization to access your data. Identity is the new perimeter as processing capabilities move off-premises and are governed by vendor contracts and SLAs. Multi-factor authentication is the gold standard and will help you transact with confidence. The second step is authorization: establishing roles that define what you can do with the data once you have accessed it.
- Network—You need to be able to protect, detect, and respond on the variety of networks between your many devices. Examples include the network between your mobile phone and the server behind the app you are using, or between your laptop and the webcast server you are watching a webinar from.
- Platform—This is where security hygiene lives. We all must be diligent about doing patches, updates, etc. It’s not a very exciting topic, but many breaches and ransomware attacks today are succeeding because we aren’t doing these as regularly as we should be.
- Governance—This is the layer that wraps it all together, the layer where the business tells the technologists what functions to protect and enable. In addition to the technologies and processes on the inner layers of the model, this is another area where Rolta AdvizeX can help you a great deal. Our Security Advizer engagement identifies what you are currently doing and what you should be doing, all based on a combination of your organizational goals and compliance drivers. We break that down into a series of prioritized initiatives laid out on a roadmap to get you where you want to be with regard to security.
The Rolta AdvizeX approach to security finds out where you are, where you need to be and how to close the gaps. We propose initiatives both large and small to fit into your current budget or that can be budgeted for the coming years, or put in an emergency budget request depending on urgency.
We have the expertise to recommend and implement tools like the RSA NetWitness Suite for detective controls, the RSA SecurID Suite for multi-factor authentication and cloud single sign-on, and Dell EMC DPS for maintaining a pristine copy of your data. We believe organizational resilience is how you will withstand the attacks that you don’t know about yet. The truth is that you will be attacked, so build up your resilience now with help from the experts at Rolta AdvizeX.
If you missed our last blog, you can catch up on cybercrime trends for 2017 here.