Cybersecurity is a top concern at the highest levels of government and industry worldwide. More than ever, government and corporate leaders—from senators and members of Parliament to CEOs and board directors—are deeply engaged in ensuring effective cybersecurity strategies are in place at government agencies and companies.
Yet as investments in cybersecurity accelerate, breaches continue to occur with alarming frequency. Something is not working. What is it? And how do we fix it? There are many theories on what to do—everything from following new governance frameworks to deploying new products and services.
At VMware, we believe that more effective information security won’t be achieved by following a new framework or buying a particular product. The answer is to get back to basics around least-privileged computing, and architect security in, rather than bolting it on as an afterthought. This has been inherently difficult for organizations to achieve, but new capabilities provided by cloud and mobile computing now make it feasible, if not essential.
Moving to a more effective approach to security requires taking two fundamental steps: implement basic cyber hygiene and focus on protecting the “crown jewels”—mission-critical business applications.
In this paper, we propose five core principles of cyber hygiene as a universal baseline: the most important and basic things that organizations should be doing. The concepts are not new but are key in moving to more effective security. They are rooted in well-established frameworks such as the NIST Cybersecurity Framework (CSF) and are technology-neutral. In the most devastating data breaches over the past few years—from Target to Sony to the U.S. Office of Personnel Management (OPM)—we think effectively adhering to these principles would have made a meaningful difference.
Still, implementing core principles of cyber hygiene effectively is not easy and has eluded organizations for years. While it’s difficult to argue against the security benefits of least privilege (or “zero trust”), many believe that it is operationally impossible to achieve. Therefore, we also propose that organizations focus security efforts on protecting applications, specifically the mission-critical business applications that are their crown jewels, which are environments where behaviors are easier to control. In addition, we recommend using modern approaches of big data and machine learning to validate good behaviors vs. chasing malicious activity.
This paper is intended to help government and corporate leaders understand specific problems with current cybersecurity strategies and how to move to a better approach. It is written for leaders who are engaged in cybersecurity issues but not necessarily technical experts. For security practitioners and others who may be interested in the more technical details, we provide a set of appendices including practical suggestions for implementation.
Improving cybersecurity is high on the agenda for government and industry. As experts in cloud and mobility, we are proud to contribute our unique perspective to improving cybersecurity. We believe it’s a valuable vantage point from which to tackle information security challenges. We bring our ability to see through a different lens.
This article is posted at vmware.com