A Look at the Future of Supply Chain and National Security: Updates From CISA and NIST

The world of cyber threats is continually evolving, and the range of targets is constantly expanding. Fortunately, cybersecurity is rapidly progressing as well. In August 2023, two different U.S. government organizations published new reports about what to expect moving ahead, suggesting regulations and standards: CISA's Strategic Plan for FY24-FY26 and NIST SP 800-204D.

While these publications originate from two different U.S. agencies, both point to the same overarching path to securing our vital infrastructure and enterprise applications into the future. CISA lays out a broad vision with measurable goals we should be striving towards, whereas NIST provides actionable, tactical procedures. When read side by side, these publications suggest the next few years will bring a focus on hardening our defenses, improving our tooling for faster detection and remediation of threats, and transparent measurement with attestation.

How to Prepare for a Personal Data Compliance Audit

As the basis for the main requirements for data protection, we will consider the EU GDPR as the most pervasive and influential legislation in this area. In this article, we will skip the legal and organizational parts of the regulation, which you can read elsewhere, and jump right in to explain what technical measures you can implement to become compliant.

If you have a compliance check scheduled, you will need to have the following in place:

The Shifting Cloud-Native Landscape: Understanding Kubernetes Compliance and Security Frameworks

There’s a reason why Kubernetes (K8s) has become the world’s leading container orchestration platform, with 74% of today’s IT companies using it for containerized workloads in production. It’s often the simplest way to handle container configuration, deployment, and management at scale. But while Kubernetes has made the use of containers easier, it has also added complexities when it comes to security.

Kubernetes’ default configurations don’t always provide optimal security for all workloads and microservices deployed. Plus, today you are responsible not only for defending your environment against vicious cyberattacks but also for meeting a wide variety of compliance requirements.

Implementing Zero Trust Architecture on Azure Hybrid Cloud

This article outlines an approach to modeling NIST’s Zero Trust Security Architecture with the tools and services offered by Azure while migrating to MS Azure and still working with hybrid cloud deployments.

What Is a Zero Trust Architecture (ZTA)?

The term ZTA has been in use in enterprise security models and architectures since 2010, when Forrester coined it, but it became popular after NIST published it as a framework (SP 800-207, final version published in Aug. 2020). ZTA gained further visibility after the US government recently mandated that all federal agencies adopt it.

Strategies and Technologies for Container Security

When adopting any new technology, the ability of that technology to mitigate or reduce security risks should always be on the table. Organizations hesitant to adopt containers are often wary of how their existing processes and paradigms address the challenges of securing containers in production.

For their many benefits, containers effectively represent a new layer in the application stack, which requires a new way of thinking about application security. In its Application Container Security Guide, NIST points out that as containers revolutionize application deployment, organizations must adapt their security strategies to new, dynamic production environments.