Strengthen Security of Your Data Center with the NIST Cybersecurity Framework

Companies recognize the need for a cohesive cybersecurity solution to address all threat vectors across their entire landscape. However, many lack the deep understanding needed to implement and sustain solutions.

Business leader responses to the new Digital Transformation Index Study highlight security concerns as the #1 barrier impeding their digital transformation, moving up from 5th place in the 2016 study. Not surprisingly, business leaders cited security as their top technology investment over the next 1-3 years. They also identified lack of in-house skills and expertise as the #3 barrier to digital transformation.

Data from another recent Global Data Protection Index survey corroborates these observations, especially around security. The survey shows that the number of businesses unable to recover data after an incident nearly doubled from 2016. Aside from infrastructure failure, the biggest threat identified in the survey is security breach.

Source: Global Protection Index, March 2019

As threats of information breach, hacking, data theft, and ransomware attacks increase, companies must equip their IT people with necessary skills, knowledge, and organized thinking. These abilities are essential to implementing effective cybersecurity solutions.

Guiding Implementation Using NIST Cybersecurity Framework 

Whether planned or not, data centers undergo constant change. Planned hardware and software updates, governance rules, compliance regulations, security events and unplanned outages are just some of the challenges data center staff face.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework has the broadest application and is the most recognized and widely used. NIST was tasked with development of a “Cybersecurity Framework“ to provide a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.

The most common representation of the NIST Framework includes five functions – Identify, Protect, Detect, Respond, and Recover. Each should be evaluated by organizations in pursuit of ongoing cyber resiliency. NIST has segmented the five functions into specific topics: categories, subcategories and informative references.

Organizations can use these functions and categories as a topical list of actions to consider as part of their security strategy. While these topics should be considered for implementation, there are many factors that will determine how these actions are implemented. Whether employing some, many or all, there is no right or wrong way to implement this framework.

The five functions represent the primary pillars of a successful and holistic cybersecurity program.

Identify

  • Helps organizations understand and manage cybersecurity risk to critical systems, people, assets, data, and capabilities.
  • Based on the premise that you cannot effectively protect something if you are unaware of its existence.

Protect

  • Helps organizations understand and apply appropriate safeguards to ensure delivery of critical infrastructure services.
  • Supports the ability to limit or contain the impact of a potential cybersecurity event.

Detect

  • Helps organizations define the appropriate activities to identify the occurrence of a cybersecurity event.
  • Enables timely discovery of cybersecurity events.

Respond

  • Describes process, procedure and other activities to take when a cybersecurity incident is detected.
  • Supports the ability to contain and minimize the impact of a cybersecurity incident.

Recover

  • Helps organizations determine appropriate activities to maintain plans for resilience and to restore capabilities or services impaired due to a cybersecurity incident.
  • Supports timely recovery of normal operations to reduce the impact of a cybersecurity incident.

Comprehension of these terminologies, processes, frameworks and their components provide foundation of essential skills and knowledge. Adopting and implementing a framework ensures consistency for everything from language and terminology to process and procedure. When staff understand roles and responsibilities the result is increased preparedness and faster return to business as usual after an attack.

NIST Cybersecurity Courses and Certification

Dell Education Services offers courses and certification that complement this broad overview of cybersecurity and frameworks.

Introduction to IT Frameworks and NIST

Provides an overview of several different frameworks and their origins. This free online course also details the elements of the NIST Framework.

Implementing the NIST Cybersecurity Framework

Provides detailed coverage of the framework and uncovers the processes used to understand risk and prioritize and implement security goals in their environment.

Dell Proven Professional Specialist Certification

Validates skills to implement the NIST framework components to drive improved cybersecurity practices into the data center, evaluate risk, and prioritize changes based on business needs and changes in the security landscape.

Do You Have What It Takes to Compete in the Digital Economy?

Discover the processes and methodologies used to integrate the NIST Cybersecurity Framework in your data center environment today by visiting Dell Education Services for more details and to register for the courses.

About the Author: Michael Dulavitz

Mike Dulavitz has a passion for working with new technology and helping to drive adoption using a broad set of communication media and modalities. During his 15 year tenure with Dell EMC, Mike has developed and delivered professional service solutions in the backup and archive space and has worked on many products and technologies including Centera, Atmos, SourceOne, ECS, ViPR, Dell Data Security, virtualization and cloud. Over his 30+ year career, Mike has taken on a variety of roles in support, QA, solution delivery, education development and product management working with telecommunications, data communications, storage and data security products and systems. An author of countless training courses and training collateral, Mike also co-authored the Information Storage and Management book originally published by Wiley in 2009.