When the Continuous Diagnostics and Mitigation (CDM) program was established in 2012, federal agencies were already in the early phases of adopting the White House’s pivotal “Cloud First” strategy.
As its name suggests, Cloud First required federal agencies to determine whether there was a cloud-based solution for any application or system they wanted to incorporate into their enterprise.
While the creators of CDM knew that cloud computing would be a consideration, they could not envision how the cloud would ultimately alter how government agencies store, deliver and consume information. Under Cloud First, security was seen as a concern unique to cloud-related projects, rather than an integral part of an agency’s overall cyber security strategy.
That, of course, has changed. As federal agencies continue to turn to the cloud, they have discovered the cost, productivity, and strategic advantages that it offers. In doing so, however, agencies have fundamentally changed the way their information technology architectures operate.
Now, applications and platforms, even those that were once siloed, find themselves either living in the cloud or connected, in some way, to a cloud service. This paradigm shift alters how agencies must implement technologies and policies as they move forward with the CDM program.
A Shift in Technologies
With the cloud now a core part of federal architectures, technology improvements to meet the continuous monitoring and reporting goals of CDM must be made with that in mind. Before this shift, agencies could focus on their largely walled-off networks.
Cloud and mobile have extended this network outside of the agency to wherever data resides. As a result, agencies must now ensure that their monitoring systems follow that data. Agencies need to consider end-to-end data loss prevention (DLP) technologies that can protect the data whether it is on premises, in the cloud, or somewhere in between.
DLP ensures that the data remains secure, while also providing the network visibility required by CDM. With a cloud-focused DLP capability, agencies can:
- Inspect content extracted from cloud application and web traffic, and automatically enforce data policies
- Establish controls to un-share or quarantine sensitive files and block them from leaving the application
- Apply identity-based encryption and digital rights automatically to specific files shared with third parties
- Provide accurate, real-time monitoring of email traffic by leveraging advanced detection capabilities that minimize false positives
- Enable automated message blocking or message modification to enforce downstream encryption or quarantining
- And so much more…
Using an overall DLP approach not only helps meet the guidelines laid out in CDM, but also serves as the preferred method of cyber defense in a cloud-connected world.
CDM was established long before the cloud became what it is today. As such, federal agencies need to consider the implications of today’s environments. The overall goals of CDM are positive and fit in line with the top thinking around cyber security. As the cloud continues to become a bigger part of the technology ecosystem, federal agencies need to ensure they have the right security technologies in place to protect data at every stage.