While the Continuous Diagnostics and Mitigation (CDM) program is here to stay for Federal agencies, taking proper approaches to data classification, collection, and analysis are key components to optimizing the program’s aims, security experts said last week at MeriTalk’s Cyber Security Brainstorm event.
The panel of CDM experts from Veritas, RedSeal, and Splunk offered candid assessments of the importance of data classification and collection as the CDM program moves to incorporate a more robust dashboard ecosystem.
On the subject of data classification and protection, David Bailey, Senior Director of U.S. Public Sector Technical Sales at Veritas, used a joke to illustrate the difference between critical data, and less important information. “They each have different [tiers]—they all want to put cat videos on tier-one storage enterprise data protection. Maybe, maybe not. Probably not,” he quipped.
“But if it’s mission critical data containing patient data for a hospital or the VA, we’d want to put that into the most mission critical tiered storage with the best, maybe multiple forms of a protection, and lots of role-based access controls,” Bailey said, adding that sometimes understanding what data needs to be protected the most gets lost in translation.
RedSeal Federal CTO Wayne Lloyd said it was important for organizations to thoroughly understand what their data environments look like, and once they do, that can make data classification simpler.
“One of the things at RedSeal that we typically see on 100 percent of our deployments is you make a model of the network so that the organizations can understand what IP space they have, and where the data may be residing,” he said. But each of those exercises also ends up revealing that organizations “don’t know their entire network,” he added.
In addition to properly identifying and classifying data, Adilson Jardim, Area Vice President for Public Sector Sales Engineering at Splunk, said there should be an emphasis on the “continuous” part of CDM, and that it shouldn’t “be a program that ends in five years.”
The new CDM dashboard ecosystem will yield great benefits, but Jardim said he hopes to see improvements that include being able to see how security posture is improving, and developing key metrics that drive success and better outcomes.
“So the dashboard level up to the Senior Program Office, for example, has to inform and support the fact that within the agency the cybersecurity machine needs to certainly be more automated, and needs to be more constructive within the context of the agency,” Jardim said. “So CDM should inform at the agency level first, and then the dashboard and functions support that,” he said.