Page 22 - FCW, Nov/Dec 2017
P. 22
CYBERSECURITY
SPONSORED CONTENT
EXPERIENCE THE MANY BENEFITS OF
MANAGING COMPLIANCE
Agencies can ensure tigGOVERNMENT AGENCIES FACE daunting challenges to maintain
hter compliance by automating data management tasks.
KEVIN DAVIS
VICE PRESIDENT OF PUBLIC SECTOR, SPLUNK
compliance with policies, regulations and laws that govern data protection, cybersecurity and a host of other
mandates. The barriers to compliance are compounded by the geographically dispersed operations, complex IT environments and advanced cyberdefense programs managed by most agencies.
To overcome these hurdles and keep up with evolving standards, audit requirements and mission priorities, government professionals must have practical, manageable ways to continuously evaluate their compliance programs and security controls. They need to know what’s happening across their enterprise systems in real-time.
The key to this kind of situational awareness is the ability to aggregate and analyze all agency data, regardless of its location or source. Whether collected in the cloud, accessed on mobile devices or resident in legacy systems, data must be available to support an e ective, informed and timely decision-making process.
This level of visibility into ongoing enterprise activity is the single-most empowering way for public sector managers to understand if their agency is meeting its mission and compliance objectives. It also provides a data-driven analytics approach to determine corrective actions when necessary. Not only is enterprise- level assessment an essential cornerstone of an e ective compliance program, it also facilitates optimized IT operations and risk management.
How can agencies best leverage and exploit their data assets? Relying on an automated approach that helps manage data collection
and visualization across whatever systems and technologies they are using is the most e ective way. By deploying an automated solution, public sector professionals can collect, analyze and report on the volumes of data.
An e ective compliance program—for cybersecurity monitoring, defense of Personally Identi able Information (PII) or data and
asset tracking—must be exible, scalable and extensible. It should operate in real-time and
be data source agnostic, centrally managed
and federated to enable organization-wide use through role-based access control.
Why implement an automated compliance monitoring system? The main bene ts are removing the tedium of manual and ad hoc data collection processes; liberating sta from time- consuming and error-plagued ventures by cutting across operational silos and automating data collection, aggregation and correlation. Reliance on automation can overcome the traditional challenges of ingesting and normalizing data by eliminating the need to t incoming data into prede ned schemas.
Once data is collected in an automated solution, it can be used to address multiple compliance mandates and emerging IT and security initiatives. For example, it can be adapted to monitor specialized compliance requirements such as those mandated in the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) standards, Criminal Justice Information Services (CJIS) system and others.
Whether agency professionals need to follow the guidance in the NIST Risk Management Framework (RMF) or other important mandates, the tangible bene ts of monitoring and understanding the comprehensive and current state of enterprise systems and networks is undeniable. The ever-expanding universe of machine information being generated makes automation the only feasible strategy to meet the demands for continuous monitoring and compliance—today and tomorrow.
Kevin Davis is vice president of public sector at Splunk.
S-10