All Blogs

Rolling NIST’s Cybersecurity Framework into Action

Muthuraman Deivanayagam
Product Management Expert, Object Storage Solutions, Hitachi Vantara

September 06, 2022


Data backup is the last line of defense when a cyberattack occurs, especially when the attack is ransomware. With robust data backup technologies and procedures, an organization can return to a point-in-time prior to the attack and return to operations relatively quickly.

But as data volumes continue to explode, ransomware attacks are growing more sophisticated and beginning to target that precious backup data and administrator functions. When this occurs, it is difficult to completely shield an organization from an attack.

The threat is so prevalent that the National Institute of Standards and Technology (NIST) developed in 2014 what has become the universal guide for understanding and managing cybersecurity risks, called, the Cybersecurity Framework (CSF). According to NIST, “the Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their cybersecurity risks.”

Represented by a colorful wheel, the CSF calls out five focus areas for organizations to address: Identify, Protect, Detect, Respond, and then Recover.

Source: NIST

Bringing the CSF to Life in HCP

At Hitachi Vantara, we’ve embraced the CSF in our products and solutions. And we’ve joined forces with data protection partners to infuse each of the five categories into enhanced management capabilities within our Hitachi Content Platform (HCP).

Here’s how…

IDENTIFY: The first section of the wheel calls for restricting unauthorized users from accessing the system through surveillance systems and granting only the privileged user access to certain administrative tasks.

  • HCP’s roles-based access

to operations and data protection application monitoring capabilities restrict unauthorized users from accessing the system by acting as a surveillance system and granting only the privileged user access to certain administrative tasks.
Through partnership with Hitachi ID, HCP provides strong Zero-Trust Identify Access Management/Perimeter Access Management (IAM/PAM) capabilities to protect IT

PROTECT: This calls for developing and implementing the appropriate safeguards to ensure protection of critical applications and workloads.

  • Through partnership

with leading data protection providers like Veeam, Veritas, Commvault, HCP provides immutable copies of data and backup snapshots to protect from vector of attack.

DETECT: This calls for creating and implementing the appropriate activities to detect the occurrence of a cybersecurity event.

  • In partnership with

Veeam, Veritas, and Commvault, HCP provides a variety of metrics, including those for monitoring anomalies and events.

RESPOND: This calls for planning and carrying out the necessary actions in response to a detected cybersecurity event.

  • HCP enables

organizations to create an air-gapped data storage environment.

RECOVER: This step calls for creating and implementing the necessary disaster recovery plans to be able to respond to a detected cybersecurity event quickly.

  • Through partnership

with Veeam, Veritas, and Commvault, and others, HCP provides an air-gapped environment enabling organizations to restore and recover quickly from an attack.

 

It’s Time to Objectify Your Data

The CSF is a great tool for any organization concerned about resiliency. But a growing number of enterprises are also adopting a tried & true type of storage technology, one that is highly protected and strong: object storage.

Object storage was designed with unstructured data in mind. The expanding digital universe is comprised mostly of unstructured data – that is, data that is not organized in a standard fashion, such as everything from emails to videos. In fact, a recent study from IDC estimated that 80% of all data will be unstructured by 2025.

The Hitachi Content Platform suite of products is actually a market leader in unstructured data management solutions and has been ranked highly in metadata and big data analytics, cloud storage, data protection compliance, and security.

As cybercriminals and their malware grow more sophisticated and threats heighten, organizations must keep up. Nothing less than the continuity of business depends upon it. The CSF is a great place to begin organizing a process and we’ve centered the Hitachi Content Platform around it. Coupled with our approach to object storage, organizations can begin protecting their data and bouncing back from attacks with greater confidence.

Related

 
Muthuraman Deivanayagam works as a Product Management Expert for Hitachi Vantara’s Object Storage Solutions.


Muthuraman Deivanayagam

Muthuraman Deivanayagam works as a Product Management Expert for Hitachi Vantara’s Object Storage Solutions.