Pilots have long held to a principle: “You have to trust your instruments.” The same principle applies to organizations that must secure cloud and other deployments without adequate security expertise.
“Trusting your instruments,” or automating your asset monitoring, becomes an essential approach for any organization facing a lack of expertise or any other workforce challenge.
I can’t think of any greater workforce challenge than the government’s recent shutdown, nor can I think of a better time to adopt the “trusting your instruments” approach to security.
While specific security impacts of the recent shutdown are anyone’s guess, most experts agree that it was a “nightmare scenario for the country’s cybersecurity functions.”
Not only was the country’s overall cyber posture weakened, but every time the government shuts down, confidence in the government as a leading employer of cyber professionals is weakened.
Why encourage this important principle now that the shutdown has ended?
I think it’s a given that the workforce shortage will persist globally for years to come, but more urgently, two weeks from now, there is a strong possibility that non-essential government cyber personnel will once again find themselves furloughed.
So, how can agencies minimize the negative cyber impacts of future shutdowns?
By gaining confidence that your organization’s automated asset monitoring “instruments” or tools provide a complete view of your security controls, across all deployment models.
How is this accomplished? You can start by asking the following:
- Can you administer and assess the same controls across on-premises legacy systems and cloud networks with unified management and reporting?
- Will your solutions be able to support dynamically on-boarding and off-boarding nodes to ensure continuous coverage in elastic environments?
- Are you able to assess the compliance of your cloud assets and cloud management accounts against cloud policies and platforms, in addition to the policies and platforms that you use on-premises?
- Are you able to assess and monitor cloud-oriented technologies like Docker containers, Kubernetes, and CI/CD solutions like Ansible, Puppet and Chef?
- Can your monitoring tools operate in an architecture that can support physical, virtual, private and public cloud environments?
As a “Shutdown: Part 2” remains part of the current political negotiations, now is the time to learn how to build trust in your instruments.