Oct 18, 2021
The numbers are daunting: about 78% of organizations have been victims of one or more cyber attacks. Threats are growing at an astonishing rate, 350% in ransomware alone, and those breaches can be incredibly costly, averaging $3.86 million per incident. Nearly half of U.S. federal government respondents in the 2021 Thales Data Threat Report noted they have experienced a security breach at some point, and of these, 47% said they had experienced a breach in the last 12 months. It is common knowledge that every organization faces cyber threats, and the risk is both external and internal, whether due to human error or bad actors.
Cybersecurity risk increases with complexity. Government agencies typically have a complex IT ecosystem, composed of a mix of legacy data centers, private clouds, and numerous public clouds. Furthermore, virtual machines and cloud computing have eliminated traditional data security boundaries. The distributed nature of data across dissimilar IT environments has created new security challenges for the public sector. Separate silos of enterprise storage, networks, and servers mean more complexity and more staff to support them, but also more vulnerabilities and possible attack points. Moreover, with most organizations moving to a “work from home” model due to the pandemic, cyber predators have taken advantage of easier access to sensitive data and networks, as well as the relative ease with which they can leverage sophisticated models of attack.
With the Executive Order on Improving the Nation’s Cybersecurity, every Federal agency is mandated to adopt a Zero Trust Architecture (ZTA). ZTA was developed to give greater protection to data given the disparate nature of IT as it exists today. ZTA was ratified by the publication of NIST SP 800-207, and further referenced in the NSA Cybersecurity Information Sheet.
ZTA works on the premise that access to digital objects, like resources, applications, data and metadata, should never be implicitly granted. Instead, access should be continuously evaluated to confirm that it is appropriate. This strategy moves the boundary of “challenge response” from a perimeter-based approach to a more pervasive model that is closer to the resource being accessed, each and every time.
Don’t be fooled into thinking that ZTA can be accomplished with a specific tool, or by addressing Identity and Access Management or Network Security best practices. ZTA implementation and compliance can be tricky, and the work is continuous. IT organizations must embrace a new mindset for how they build and secure systems in a ZTA.
Nutanix integrates security into every step of its solution stack from the early stages of development. For example, the stack conforms to Security Technical Implementation Guides (STIGs), which maintain a security baseline configuration based on common standards established by the National Institute of Standards and Technology (NIST). Nutanix products were tested and selected for inclusion on the Department of Defense Information Network (DoDIN) Approved Products List (APL).
The Nutanix® Cloud Platform includes recent innovations with the launch of AOS™ version 6 software, to help government agencies and the military build modern, software-defined data centers and speed their hybrid multicloud deployments. Through these new features, government IT will get powerful built-in virtual networking, enhanced disaster recovery, and simplified zero-trust security that otherwise would require additional specialized hardware, software, and skills. Most importantly, due to the integrated nature of the Nutanix Cloud Platform, all functionality is managed through a single interface, significantly decreasing operational overhead.
Nutanix can accelerate government IT’s alignment to NIST 800-207 ZTA by providing the necessary foundation on which government agencies can build their IT environment, whether on-premises (private cloud), public cloud or hybrid multicloud. This foundation is composed of software and automation, including the following:
The Nutanix Corporate Cybersecurity and Product Security and Compliance teams are responsible for the security policies and standards that govern Nutanix and its products and services. Learn more at www.nutanix.com/trust.