There is a principle long held by pilots that says as follows: “You have to trust your instruments.” This principle can be applied to organizations seeking to ensure the security of cloud and other deployments while lacking adequate security expertise. “Trusting your instruments” or “automating your asset monitoring” becomes an essential approach to any organization facing a lack of expertise or any other workforce challenge.
I can’t think of any greater workforce challenge than the government’s recent shutdown, nor can I think of a better time to adopt the “trusting your instruments” approach to security. While specific security impacts of the recent shutdown are anyone’s guess, most experts agree that it was a “nightmare scenario for the country’s cybersecurity functions.” Not only was the country’s overall cyber posture weakened, but every time the government shuts down, confidence in the government as a leading employer of cyber professionals is weakened.
Why encourage this important principle now that the shutdown has ended? I think it’s a given that the workforce shortage will persist globally for years to come, but more urgently, in three weeks from now, there is a strong possibility that non-essential government cyber personnel will once again find themselves furloughed.
So, how can agencies minimize the negative cyber impacts of future shutdowns? By gaining confidence that your organization’s automated asset monitoring “instruments” or tools provide a complete view of your security controls, across all deployment models. How is this accomplished? You can start by asking the following:
- Can you administer and assess the same controls across on-premise legacy systems and cloud networks with unified management and reporting?
- Will your solutions be able to support dynamically on-boarding and off-boarding nodes to ensure continuous coverage in elastic environments?
- Are you able to assess compliance of your cloud (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Rod Musser. Read the original post at: https://www.tripwire.com/state-of-security/government/event-shutdown-trust-instruments/