By Patrick Greer on Aug 03, 2021
Every organization has data moving to the multi-cloud; digital transformation is occurring rapidly, is here to stay, and is impacting every major industry. Organizations are working hard to adopt Zero Trust architectures as their critical information, trade secrets, and business applications are no longer stored in a single datacenter or location. As a result, there is a rapid shift to cloud resources to support dynamic mission requirements, and the new perimeter to defend is data. At its core, Zero Trust is a data-centric model and is fundamental to what McAfee Enterprise offers. In the Public Sector, data has now been classified as a strategic asset – often referred to as the “crown jewels” of an organization. Reinforced by the publication of the DoD Zero Trust Reference Architecture, we have arrived at a crossroads where demonstrating a sound data strategy will be a fundamental requirement for any organization.
All DoD data is an enterprise resource, meaning data requires consistent and uniform protections wherever it is created or wherever it traverses. This includes data transmitted across multi-cloud services, through custom mission applications, and on devices. Becoming a data-centric organization requires that data be treated as the primary asset. It must also be available so that it can be leveraged by other solutions for discovery and analytics purposes. To achieve this, interoperability and uniform data management are strategic elements that underpin many sections of DoD’s official vision of Zero Trust.
Let us dissect how the DoD plans to create a data advantage and where McAfee Enterprise can support these efforts as we explore the four essential capabilities – Architecture, Standards, Governance, and Talent & Culture:
Figure 1 – DoD Data Strategy Framework
McAfee Enterprise’s open architectural methodology emphasizes the efficiencies that cloud adoption and open frameworks can offer. The ability to leverage agile development and continuously adapt to dynamic mission requirements – faster than our adversaries – is a strategic advantage. Data protection and cloud posture, however, must not take a back seat to innovation.
The rapid pace of cloud adoption introduces new risks to the environment; misconfigurations and mistakes happen and are common. Vulnerabilities leave the environment exposed as DevOps tends to leverage open-source tools and capabilities. Agile development introduces a lot of moving parts as applications are updated and changed at an expedited pace and based on shorter, prescriptive measures. Customers also utilize multiple cloud service providers (CSP) to fit their mission needs, so consistent and uniform data management across all the multi-cloud services is a necessity. We are at a pivotal inflection point where native, built-in CSP protections have introduced too much complexity, overhead, and inconsistency. Our data security solution is a holistic, open platform that enforces standardized protections and visibility across the multi-cloud.
Together with our partners, we support the architecture requirements for data-centric organizations and take charge as the multi-cloud scales. Several items – visibility and control over the multi-cloud, device-to-cloud data protection, cloud posture, user behavior and insider threat – play into our strengths while organic partner integrations (e.g., ZTNA) further bolster the Zero Trust narrative and contribute to interoperability requirements. We are better together and can facilitate an open architecture to meet the demands of the mission.
DoD requires proven-at-scale methods for managing, representing, and sharing data of all types, and an open architecture should be used wherever possible to avoid stovepiped solutions and facilitate an interoperable security ecosystem. Past performance is key, and McAfee Enterprise has a long track record of delivering results, which is crucial as the DoD moves into a hybrid model of management.
Data comes in many forms, and the growth of telemetry architectures requires machines to do more with artificial intelligence and machine learning to make sense of data. How do we share indicators of compromise (IoCs) so multiple environments – internal and external – can leverage intelligence from other organizations? How do we share risks in multi-clouds and ensure data is secured in a uniform manner? How do we weaponize intelligence to shift “left of boom” and eliminate those post-compromise autopsies? Let’s explore how McAfee Enterprise supports data standards.
Made possible by Data Exchange Layer (DXL) and a strategic partner, the sharing of threat intelligence data has proven successful. Multiple environments participate in a security-connected ecosystem where an “attack against one is an attack against all” and advanced threats are detected, stopped, and participants are inoculated in near real-time. This same architecture scales to the hybrid cloud where the workloads in cloud environments can benefit from broad coverage.
Furthermore, DXL was built as open source to foster integrations and deliver cohesive partner solutions to promote interoperability and improve threat-informed intelligence. All capabilities speak the same language, tip and cue, and provide much greater return on investment. Consider the sharing of cloud-derived threats. No longer should we be limited to traditional hashes or IoCs. Perhaps we should share risky or malicious cloud services and/or insider threats. Maybe custom-developed solutions should leverage our MVISION platform via API to take advantage of the rich global telemetry and see what we see.
Our global telemetry is unmatched and can be leveraged to organizations’ advantage to proactively fortify the device-to-cloud environment, effectively shifting security to the “left” of impact. This is all done through the utilization of MVISION Insights. Automated posture assessments pinpoint where potential gaps in an organization’s countermeasures may exist and provide the means to take proactive action before the organization is hit. Through MVISION Insights, cyber operators can learn about active global campaigns, emerging threats, and whether an organization is in the path – or even the target. Leadership can grasp the all-important risk metric and deliver proof that the security investments are working and operational. Combined with native MITRE ATT&CK Framework mappings – an industry standard being mapped across our portfolio – this proactive hardening is a way we use threat telemetry to customers’ advantage.
Standardized data protection, end-to-end, across all devices and multi-cloud services is a key tenet of the DoD Data Strategy. Protecting data wherever it lives or moves, retaining it within set boundaries and making it available to approved users and devices only, and enforcing consistent controls from a single, comprehensive solution spanning the entire environment is the only data security approach. This is what Unified Cloud Edge (UCE) does. This platform’s converged approach is tailored to support DoD’s digital transformation to the multi-cloud and its journey to a data-centric enterprise.
DoD’s data governance element is comprised of the policies, procedures, frameworks, tools, and metrics to ensure data is managed at all levels, from when it is created to where it is stored. It encompasses increased data oversight at multiple levels and ensures that data will be integrated into future modernization initiatives. Many organizations tend to be driven by compliance requirements (which typically outweigh security innovation) unless there is an imminent mission need; we now have the compliance requirement. Customers will need to demonstrate a proper data protection and governance strategy as multi-cloud adoption matures. What better way to incorporate Zero Trust architectures than by leveraging UCE? Remember, this is beyond the software defined perimeter.
McAfee Enterprise can monitor, discover, and analyze all the cloud services leveraged by users – both approved and unapproved (Shadow IT) – and provide a holistic assessment. Closed loop remediation ensures organizations can take control and govern access to the unapproved or malicious services and use the information to lay the foundation for building effective data protection policies very relevant to mission needs.
Granular governance and control – application-level visibility – by authenticated users working within the various cloud services is just as important as controlling access to them. Tight API integrations with traditional SaaS services guarantee only permitted activities occur. With agile development on the rise, it is just as important that the solution is flexible to control these custom apps in the same way as any commercial cloud service. Legacy mission applications are being redesigned to take advantage of cloud scale and efficiency; McAfee Enterprise will not impose limits.
Governance over cloud posture is equally important, and customers need to ensure the multi-cloud environment is not introducing any additional source of risk. Most compromises are due to misconfigurations or mistakes that leave links, portals, or directories open to the public. We evaluate the multi-cloud against industry benchmarks and best practices, provide holistic risk scoring, and provide the means to remediate these findings to fortify an organization’s cloud infrastructure.
Unified data protection is our end goal; it is at the core of what we do and how we align to Zero Trust. That means consistent protections and governance over data wherever it is created and wherever it goes, from device to multi-cloud. The same engine is shared across the environment and provides a single place for incidents and management across the enterprise. Customers can be confident that all data will be tracked and proper controls enforced wherever its destination may be.
Talent and Culture:
Becoming a data-centric organization will require a cultural change. Decision-making capabilities will be empowered by data and analytics as opposed to experienced situations and scenarios (e.g., event response). Machine learning and artificial intelligence will continue to influence processes and procedures, and an open ecosystem is needed to facilitate effective collaboration. Capabilities designed to foster interoperability and collaboration will be the future. As more telemetry is obtained, solutions must support the SOC analyst with reduced noise and provide relevant, actionable data for swift decision-making.
At McAfee Enterprise, we hear this. UCE provides simplified management over the multi-cloud to ensure consistent and unified control over the environment and the data. No other vendor has the past performance at scale for hybrid, centralized management. MVISION Insights ensures that environments are fortified against emerging threats, allowing the cyber operators to focus on the security gaps that can leave an organization exposed. Threat intelligence sharing and an open architecture have been our priorities over the past several years, and we will continue to enrich and strengthen that architecture through our platform approach. There is no silver bullet solution that will meet every mission requirement, but what we can collectively do is ensure we are united against our adversaries.
Data and Zero Trust will be at the forefront as we move forward into adopting cloud in the public sector. There is a better approach to security in this cloud-first world. It is a mindset change from the old perimeter-oriented view to an approach based on adaptive and dynamic trust and access controls. McAfee’s goal is to ensure that customers can support their mission objectives in a secure way, deliver new functionality and improved processes, and ultimately give a better return on investment.
We are better together.