Encryption Helps Agencies Meet CDM Phase 3 Requirements

CDMCybersecurity in government is paramount today. Even with new policies and standards coming from executives, like last year’s Cyber Security Sprint or the Cybersecurity National Action Plan, the number of attacks against federal systems continues to grow at astonishing rates – in 2015, 307,112,342 data records were lost or stolen from agencies and other public sector entities. Even more, in the first half of 2015 alone, government agencies lost 77.2 million records due to cyber-attacks. These statistics reflect on federal cyber executive’s opinions as well. In fact, 59% of respondents in a recent federal executive survey said that they believe their agency currently struggles to understand how cyber attackers could breach their systems; even more 65% disagreed or disagreed strongly that the federal government is capable of detecting ongoing cyber-attacks.

Given the increased connectivity between agencies and the fact that government systems house sensitive data – containing everything from healthcare records to matters of national security– detecting new and ongoing threats is especially significant. The Continuous Diagnostics and Mitigation (CDM) program, spearheaded by DHS, is designed to help government agencies establish dynamic safeguards against evolving threats, offering leaders a holistic approach to security that addresses the network, cyber awareness, and the actual attack target itself – the data that is used to run government.

CDM encompasses three phases and fifteen functional areas; the first phase has already been completed by most agencies and the second phase is currently in process. The third phase, “Boundary Protection and Event Management for Managing the Security Lifecycle,” begins in fiscal year 2017 and focuses on risk management, boundary protection, and predictive approaches to cybersecurity. The phase also addresses various approaches for securing sensitive data, including the use of data-at-rest encryption.

By establishing safeguards around sensitive data through encryption, agencies can minimize the risks associated with leaving it unprotected. Since agency data can reside in a mix of dynamic environments, including data centers, off-premise servers, and the cloud, agencies must control and protect data no matter where it lives. This comprehensive approach should be deployed agency-wide to protect data in support of CDM Phase 3.

While many solutions address one or two of the requirements of data protection under the CDM umbrella, Vormetric’s Data Security Platform helps organizations comply with or exceed multiple CDM requirement groups using best-of-breed:

  • Encryption and key management

Transparent, centrally managed file and volume encryption

  • Access controls

Role-based access controls integrated into the existing security structure

  • Multi-tenant support

Secure multi-tenancy support in the data center, cloud environments, and autonomous servers, independent of operating systems

  • Privileged user controls

Granular controls that blind data at rest for greater defense against insider threats

  • Security intelligence

Logs that capture attempts to access protected data

Vormetric’s comprehensive high-performance data security platform helps agencies comply with CDM quickly and efficiently. By protecting data wherever it resides using advanced transparent encryption, powerful access control, and centralized key management, organizations can encrypt efficiently with minimal business disruption.

As cyber threats continue to evolve, agencies must continue to adapt to executive orders and improve their security posture. Data-at-rest encryption is a powerful and transformative way for agencies to reduce risk and minimize the number of federal cybersecurity incidents.

For more information on the Vormetric Data Security Platform and how your agency can better comply with Phase 3 of CDM, download this whitepaper.

Related Articles