The Organizational Needs of TechFite
As evidenced in the case study, TechFite is an organization that worries about the inadequacy of its cybersecurity systems. At the same time, due to being involved in NASA’s space program, it represents a likely target for hacking attempts and corporate espionage. Its vulnerabilities are enhanced by the fact that the company is actively working with various developers from other countries. The main worries of TechFite include the capabilities of the double-firewall system to deal with the security threats, the inability to efficiently review activity and storage logs, and the lack of storage space.
The scope of the problem is defined by several limitations, namely the budgetary constraints as well as FISMA (Federal Information and Security Management Act) and NIST (National Institute of Science and Technology) requirements (NIST, n.d.). Lastly, the new system is supposed to have several countermeasures against accidents and deliberate sabotage, such as honeypots and back-ups to restore functionality.
Emerging Technological Solutions
Considering the technological and financial constraints faced by TechFite, one of the possible solutions that can be implemented by the company is Cloud Workload Security (CWS). This technology recently became available on the market and is gaining popularity as one of the options available to customers. Its novelty lies in harnessing cloud storage capabilities for the transfer, analysis, processing, and protection of data. One of the major advantages of cloud-based systems is the capability of handling large amounts of data traffic without requiring the company to possess additional servers and hardware (“What is cloud,” 2017).
CWS systems typically provide two kinds of services: agent-based and agentless log monitoring. The main component of most CWS systems is the Virtual Machine Monitor Platform (VMMP), which transfers the data between itself and the end user.
Agent-based monitoring is preferable for TechFite, as it would enable the users to manually check activity logs, if necessary. This would enable the company to exert a greater degree of control over its network security. In addition, CWS permits data segmentation, thus enabling the creation of honeypots filled with fake and non-essential data for potential attackers to access. Machine Learning (ML) can be utilized to test the system, discover its vulnerabilities, and enable the preparation of countermeasures against malicious software, illegal intrusion into the system, and firewall throttling.
One of the main issues with using CWS is ensuring the high standards of security associated with FISMA and NIST requirements (Department of Homeland Security, 2018). Cloud-based security is vulnerable to outside interference, thus making it incompatible with the associated standards. At the same time, this is one of the very few options available to TechFite, due to budgetary constraints of 250,000 dollars a year, including employee salaries. According to Cser (2017), there are about 16 products currently available on the market that would satisfy the company’s needs.
Adoption Process Outline
The proposed adoption process outline is based on the NIST framework, thus enabling the entire procedure as well as the end product to comply with various directives found within that framework. The identified steps are as follows (NIST, n.d.):
- Inception. TechFite will analyze the market for the CWS products available to them and make a contract with the vendor to install the CWS, train the personnel in using it, and provide technical support when needed. The configurations and technical requirements would be customized to fit TechFite’s needs.
- Risk assessment. This is the first step to be carried out by TechFite, in order to evaluate the existing security vulnerabilities and prioritize them according to their levels of criticality.
- Protection. As suggested, the protection of the company’s assets would be achieved by the installation of the CWS system.
- Threat detection. The company will perform a series of security scans to detect any potential for malicious attacks. Responsive procedures will be developed in accordance with the findings.
- System recovery procedures. Following the aftermath of the security evaluation, a series of measures would be set in place for initiating system recovery procedures.
A CWS-based system will, inevitably, possess its own sets of risks and vulnerabilities. It is important to eliminate the most critical ones and ensure no workarounds are available to the attackers. Nevertheless, the proposed CWS solution should be implemented as quickly as possible to mitigate the vulnerabilities already identified by TechFite. Failure to implement the technology early would lead to several negative consequences. These include the prolonged vulnerability of the system, the potential to miss lucrative contracts, and the increase in costs as it becomes more mainstream. Thus, the early adoption of the technology is a preferable alternative.
Positive and Negative Effects of the Proposed Technological Solution
The benefits that TechFite would receive from adopting a CWS-based system include improved protection, automation, and credibility with partners. CWS is one of the most secure systems available for the number of resources that the company has to spare. In addition, it allows for both agent-based and agentless log-checking. Lastly, the presence of a new high-tech security system would give TechFite an edge in negotiations regarding mergers and partnerships with other organizations.
Some of the adverse effects of adopting a CWS-based security system would include the costs of purchasing and implementing the technology as well as potential downsizing of the IT department instigated by the system’s capabilities in automation. The costs, however, should be offset by the savings on salaries due to automation, and the unneeded employees could potentially be transferred to other departments or moved to part-time positions.
Comparisons with Existent Security Systems
One of the most advanced existing technologies currently available on the security market is the Secure Compute Lifecycle (SCL). This system was pioneered by Hewlett Packard, which provided a system that protects the server by making it unable to be rebooted in the event of the system being compromised (“HPE secure compute lifecycle,” 2018). It allows the security teams to detect critical threats and to eliminate them from the system running a designated server alone.
This system, however, requires dedicated servers located in the company property, which severely limits its capabilities at data processing. In addition, the services offered within the framework of a Secure Compute Lifecycle are substantially fewer when compared to those of a CWS. For example, Secure Compute Lifecycle offered by Hewlett Packard does not offer a package of firewalls. Therefore, the CWS solution proposed in this paper is better-protected and can handle larger amounts of traffic when compared with the SCL.
Methods for Measuring the Impact of Technology
The purpose of the proposed intervention is to lessen the risk of cyber-attacks on TechFite. Therefore, the impact of technology should be measured based on the capabilities of preventing infractions and unauthorized access into the system. There are several metrics that could be used to evaluate the effectiveness of the system, namely the Average Response Time (ART) and Average Detection Time (ADT).
ART is based on the requirements for the security team to successfully resolve a situation. It is calculated by computing the times required to locate, engage, and neutralize the threat. ADT, on the other hand, is the time required for the security team to actually become aware of an issue. For the sake of measuring the effectiveness of a system, both ART and ADT metrics are expected to be as short as possible.
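The two metrics defined above can be computed from an incident timeline; the following is an added example, not part of the original paper. The record field names, the timestamps, and the choice to exclude still-open incidents from ART are assumptions made for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed sample timeline (not real data); field names are assumptions.
INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-01T08:00", "detected": "2024-03-01T08:30",
     "located": "2024-03-01T09:00", "engaged": "2024-03-01T09:10",
     "neutralized": "2024-03-01T10:30"},
    {"id": "INC-2", "occurred": "2024-03-05T22:00", "detected": "2024-03-06T01:00",
     "located": "2024-03-06T01:20", "engaged": "2024-03-06T01:50",
     "neutralized": "2024-03-06T03:00"},
    # Still open: detected but not yet resolved, so it counts toward ADT only.
    {"id": "INC-3", "occurred": "2024-03-09T12:00", "detected": "2024-03-09T12:30",
     "located": None, "engaged": None, "neutralized": None},
]

def minutes_between(start, end):
    """Elapsed minutes between two ISO timestamps; rejects out-of-order data."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    if delta.total_seconds() < 0:
        raise ValueError(f"timestamps out of order: {start} > {end}")
    return delta.total_seconds() / 60

def response_phases(incident):
    """Minutes spent locating, engaging and neutralizing; None if unresolved."""
    stamps = [incident[k] for k in ("detected", "located", "engaged", "neutralized")]
    if any(s is None for s in stamps):
        return None
    return tuple(minutes_between(a, b) for a, b in zip(stamps, stamps[1:]))

def summarize(incidents):
    """Return ADT, ART and the per-phase breakdown of ART, all in minutes."""
    detected = [i for i in incidents if i["detected"] is not None]
    closed = [p for p in map(response_phases, incidents) if p is not None]
    return {
        # ADT: how long a threat existed before the team became aware of it.
        "adt_min": mean(minutes_between(i["occurred"], i["detected"])
                        for i in detected) if detected else None,
        # ART: locate + engage + neutralize, averaged over resolved incidents.
        "art_min": mean(sum(p) for p in closed) if closed else None,
        "phase_means_min": tuple(mean(c) for c in zip(*closed)) if closed else None,
        "open_incidents": len(incidents) - len(closed),
    }

if __name__ == "__main__":
    print(summarize(INCIDENTS))
```

The per-phase means show which part of the response (locating, engaging, or neutralizing) dominates ART, which is where a change in tooling or process would shorten it most.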
References
Cser, A. (2017). Vendor landscape: Cloud workload security solutions, Q3 2017.
Department of Homeland Security. (2018). Federal information security modernization act. Web.
HPE secure compute lifecycle: Building on the world’s most secure industry standard servers to optimize your security environment. (2018). Web.
National Institute of Science and Technology (NIST). (2017). Policies and notices. Web.