Nowadays, all kinds of companies are expanding their horizons and pushing their boundaries beyond what can be done in a physical office space. Even before the COVID-19 pandemic and its effects on businesses across the world, mobility and flexibility have been strategic priorities. Now, our new normal has made most businesses at least partially remote.
NIST 800-171 / DFARS
“Do not trust anyone!” is the catchphrase that best describes zero trust, a security concept that encourages organizations to distrust all network activity by default. As this security concept gains traction, many security providers are flooding the market with solutions. In this article, we will unpack the top technologies for a zero trust cybersecurity architecture.
Cybersecurity implementation can be a long and complicated process if your organization hasn’t been built with security as a part of its design. This is why different committees, interest groups, governments, and cybersecurity professionals come together to develop robust cybersecurity frameworks and regulations.
Depending on the industry that your organization is part of, these frameworks and regulations may be known to you as CIS CSC, NIST, ENISA, ISO 27001, etc. With so many frameworks, it is hard to know which is best suited to your organization’s needs. Although all frameworks have their merit, some pertain only to specific industries or requirements.
There’s been a paradigm shift over the past decade and a half in the world of cybersecurity. Whereas older models and systems prioritized perimeter defense, the definition of “perimeter” itself has changed over time. Today, businesses are increasingly mobile and remote, utilizing cloud servers to extend the workforce far outside the office or headquarters.
These changes are all the more necessary in our current environment of pandemic response. Our mandated practices of social distancing and work from home (WFH) have created an environment in which every company is rethinking its perimeters in real time. These challenging times call for new practices, and the zero trust framework is the future of cybersecurity.
Cloud technology has revolutionized the way businesses operate all across the world. Cloud servers enable any company to leverage others’ computing capabilities to mobilize their own workforces, enabling greater flexibility in all business operations. Whether it’s enabling the storage of sensitive data or work from home, the cloud is key to all businesses’ future.
Many current cybersecurity plans and models follow an older set of priorities that hinge upon the importance of strong perimeter defense. To use a physical analogy, many cybersecurity architectures focus on building up the walls and moats protecting the very outside of your castle from attack. But inherent in these schemes is an implicit trust of everyone already inside.
Department of Defense contractors and subcontractors are facing a big change to cybersecurity governance regulations. The current cybersecurity standard (NIST 800-171) is being updated into a new framework called CMMC.
Attentiveness and thoroughness can spell the difference between booming and bankruptcy in today’s ever-changing digital business landscape. With global e-retail sales projected to hit 47 percent this year, the need to have an optimization strategy, clear customer experience, and a practical plan for operational execution becomes more apparent to stay competitive.
Over the last two decades, the role of IT departments has undergone dramatic change due to the growing percentage of Americans who rely upon their tablets, smartphones, or similar mobile devices to accomplish their daily work activities. As is so often the case, this progress has been a boon in some ways and a mounting problem in others, especially for IT: on one hand, the Internet of Things [IoT] has made employees more efficient; on the other, it has opened up a new Pandora’s box of potential cybersecurity threats.
Security controls rarely keep pace with the security risks posed by new tech. In the case of mobile, security threats arise from both bring your own device [BYOD] policies and corporately owned, personally enabled [COPE] mobile policies. In response to this looming threat, the National Institute of Standards and Technology [NIST] released its “Guidance on Mobile Security Report,” which we’ll outline below. Armed with these security recommendations, your business can ensure that your mobile security practices are up to date and robust.
HITRUST vs. NIST
With the passing of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 came the need to move healthcare records onto electronic systems. However, the widespread adoption of electronic health records (EHRs) came later, when the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in 2009. With the combined set of rules and regulations, being both HIPAA and HITECH compliant became a complex puzzle for healthcare organizations to piece together.
But data and data security issues weren’t going to wait. With the significant proliferation of computers, smartphones, and other electronic devices, data security and privacy regulations needed to be streamlined and enforced. Thus, frameworks for data security and security compliance were created.
NIST and HITRUST are both frameworks that help healthcare organizations stay HIPAA compliant and avoid penalties for data security breaches. The question then becomes: which framework should be used, and are the two compatible? To explore these questions and more, read ahead.