In February 2013 the president of the United States issued Executive Order 13636, directing the National Institute of Standards and Technology (NIST) to take the best-known practices from industry and come up with a common Cybersecurity Framework for companies and government institutions. Understanding the basics of this framework can help IT organizations begin to develop their own cybersecurity plans. Working with people, process, and technology is required to successfully implement your new cybersecurity plan.
First, let’s look at the Cybersecurity Framework. The framework consists of five security functions: Identify, Protect, Detect, Respond, and Recover. Each of these functions is broken down into several categories and subcategories.
Here is a quick overview of the five Cybersecurity Framework functions.
- Identify the assets in your data center, how they are used in your business, the resources (human and physical) used in that business context, and the risks to those assets. These can be documented in several different ways, such as an asset inventory, a business environment description, governance plans, or risk mitigation plans.
- Protect the assets in your data center. Design, develop, and deploy the processes and technology that safeguard the delivery of critical infrastructure services. The Protect function should limit or contain the impact of a security event. The results of the Protect function can include access control tools, security training, information protection plans, and other protective technologies.
- Detect cybersecurity events in your data center, holes in infrastructure security, and process/procedure inadequacies. The results of this function can include things like anomaly reports, security monitoring, detection processes, and audit processes.
- Respond to events from the Detect function. The goal of this function is to have an appropriate response to the threats detected during the Detect function. The results of this function can include response plans, communications, escalation plans, mitigation, and improvement plans.
- Recover from cybersecurity events detected during the Detect function. The goal of the Recover function is to bring your infrastructure back to a normal, secure state. The results of this function can include recovery plans, continuous improvement plans, and communication.
Implementing a Cybersecurity Framework
The first part of implementing a good security plan is to understand the key elements of security. The Cybersecurity Framework is a good start, but it does not cover everything that needs to be done. You also need to understand the assets at your disposal, including people, process, and technology. I will leave the people and process part for another blogger. Let’s focus on technology. Specifically, let’s talk about Software-Defined Infrastructure (SDI) and how it can help you implement a Cybersecurity Framework.
SDI Architecture overview
Here is a quick overview of the SDI Architecture.
- Orchestration and Control – orchestrates compute, storage, and network together in secured domains in response to user requests
- Telemetry – brings raw data from the infrastructure and applications to analytics for analysis
- Analytics – takes raw data and analyzes it so actions can be taken
- Policy Framework – analysis from the analytics is combined with the policy engine so the orchestration and control can request changes to the infrastructure
- Software-Defined Storage – control of storage resources through a software API
- Software-Defined Network – control of network resources through a software API
- Software-Defined Compute – control of compute resources through a software API
- Software-Defined Security – creation of security domains with resources and software tools
SDI and Cybersecurity Framework
Let’s map the Cybersecurity Framework to the different parts of the SDI architecture.
- Identify – The software-defined compute, storage, and network layers give you a list of all of the infrastructure resources in your private cloud
- Protect – The Policy Framework gives you the ability to implement access control
- Detect – The Telemetry and Analytics components give you the ability to detect anomalies and intrusions into the data center infrastructure
- Respond – Policy and Orchestration allow you to define how to respond to specific cybersecurity events
- Recover – Policy and Infrastructure allow you to change policy to cover newly detected cybersecurity events
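To make the mapping concrete, here is an added example of the closed loop the SDI components form: an Identify inventory, a Telemetry feed, an Analytics step that flags anomalies, a Policy Framework that maps each anomaly to an action, and an Orchestration layer that carries it out (Detect and Respond), plus a Recover step that returns a host to normal. It is illustrative code written for this post, not a real SDI product API; the hostnames, metrics, thresholds, and the `Orchestrator` class are all constructed, and the orchestrator only records the actions it would request rather than calling any real compute, storage, or network API.

```python
"""Constructed illustration of the SDI Detect -> Respond -> Recover loop.

Nothing here talks to real infrastructure; every name, host, and metric
is made up for the example.
"""
from dataclasses import dataclass

# Identify: the asset inventory the software-defined layers would report.
# Constructed sample data.
INVENTORY = {"web-01", "db-02"}

# Telemetry: raw events from the infrastructure (constructed sample data).
SAMPLE_TELEMETRY = [
    {"host": "web-01", "metric": "ssh_failed_logins", "value": 3},
    {"host": "web-01", "metric": "ssh_failed_logins", "value": 40},
    {"host": "db-02", "metric": "egress_mbps", "value": 900},
    {"host": "db-02", "metric": "egress_mbps", "value": 12},
    {"host": "rogue-07", "metric": "egress_mbps", "value": 5},  # not in inventory
]

# Analytics: simple per-metric thresholds (constructed values).
THRESHOLDS = {"ssh_failed_logins": 20, "egress_mbps": 500}

# Policy Framework: which orchestration action each anomaly kind triggers.
POLICY = {
    "ssh_failed_logins": "isolate_host",    # SDN: move host into a quarantine domain
    "egress_mbps": "rate_limit_egress",     # SDN: throttle the host's outbound traffic
    "unknown_host": "isolate_host",         # anything not in inventory gets isolated
}


@dataclass(frozen=True)
class Anomaly:
    host: str
    kind: str
    value: float


def analyze(events, inventory=INVENTORY, thresholds=THRESHOLDS):
    """Analytics: turn raw telemetry into a list of anomalies.

    A host missing from the Identify inventory is itself an anomaly, so the
    Identify output feeds Detect directly.
    """
    anomalies = []
    for event in events:
        if event["host"] not in inventory:
            anomalies.append(Anomaly(event["host"], "unknown_host", event["value"]))
            continue
        limit = thresholds.get(event["metric"])
        if limit is not None and event["value"] > limit:
            anomalies.append(Anomaly(event["host"], event["metric"], event["value"]))
    return anomalies


class Orchestrator:
    """Hypothetical Orchestration and Control layer.

    Records the changes it would request of the software-defined network
    instead of calling a real API.
    """

    def __init__(self):
        self.actions = []
        self.quarantined = set()

    def isolate_host(self, host):
        self.quarantined.add(host)
        self.actions.append(("isolate_host", host))

    def rate_limit_egress(self, host):
        self.actions.append(("rate_limit_egress", host))

    def restore_host(self, host):
        # Recover: return the host to its normal security domain.
        self.quarantined.discard(host)
        self.actions.append(("restore_host", host))


def respond(anomalies, orchestrator, policy=POLICY):
    """Respond: look up each anomaly in the policy and ask orchestration to act."""
    for anomaly in anomalies:
        action = policy.get(anomaly.kind)
        if action is None:
            continue  # no policy for this anomaly kind; leave it for a human
        getattr(orchestrator, action)(anomaly.host)
    return list(orchestrator.actions)


def run_loop(events=SAMPLE_TELEMETRY):
    """Run one pass of the loop and return (anomalies, actions, quarantined hosts)."""
    orchestrator = Orchestrator()
    anomalies = analyze(events)
    actions = respond(anomalies, orchestrator)
    return anomalies, actions, sorted(orchestrator.quarantined)


if __name__ == "__main__":
    found, taken, isolated = run_loop()
    for a in found:
        print(f"anomaly: {a.host} {a.kind}={a.value}")
    for act in taken:
        print(f"action: {act}")
    print(f"quarantined: {isolated}")
```

The point of separating `analyze`, `POLICY`, and `Orchestrator` is that each maps to a different SDI component: you can tighten a threshold in Analytics, change a response in the Policy Framework, or swap the orchestration backend without touching the other two, which is exactly the flexibility the post is pointing at when it says policy can be changed to cover newly detected events.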
These are just a few examples of how these functions can be implemented using elements of SDI. The lesson here is to begin to understand the possibilities. Coming up with your own mappings will be key to your success in implementing a good Cybersecurity Framework for your business.