Over the past four years, we have dedicated our efforts to building the most resourceful solutions to facilitate the evolving cybersecurity compliance requirements being driven by NIST and the Federal Government. What we have accomplished on a limited budget is unprecedented. What follows is the remarkable result of our tenacity, dedication, frugality, and ingenuity. Our story begins with the emergence of cloud computing in the federal marketplace and our involvement in the early stages of FedRAMP.
CISO Sentinel is the preeminent software platform that provides cybersecurity and compliance continuous monitoring for government agencies and critical infrastructure commercial industries including healthcare, financial services, energy, and technology manufacturing.
Our solution is built upon the foundational knowledge we developed as the leader in assisting Federal Cloud Service Providers in achieving FedRAMP authority-to-operate and leverages the industry-leading ServiceNow cloud software development and deployment platform. ServiceNow is the only full-stack [IaaS, PaaS, SaaS] FedRAMP authorized cloud solution serving Federal agencies today and is deployed at thousands of global critical infrastructure industries.
Most importantly, our solution provides a view from the C-suite. CISO Sentinel is uniquely suited to provide companies and government agencies a view from the top of where they stand from a cybersecurity, regulatory, and compliance viewpoint. We are the solution that provides senior-level executives a view and insights into what’s really going on in the IT department.
New Risks with the Emergence of Cloud Computing?
Cloud computing has evolved as the preeminent computing model of the future. Government institutions and commercial enterprises of all sizes have adopted hybrid computing models that take advantage of modern distributed cloud resources while leveraging their existing investment in legacy infrastructures.
The enormous potential of cloud computing prompted the United States Federal Government to designate cloud computing as the preferred means of computing infrastructure throughout the federal government. In 2010, the Office of Management and Budget [OMB] issued a Cloud-First Strategy for Federal Government computing needs. Under this policy, government agencies are compelled to use cloud computing resources rather than expensive government-owned and operated data centers to boost computer operations. This adoption started slowly at first but has continued to accelerate as FedRAMP-authorized platform use is increasingly required in new procurement cycles.
This federally mandated strategy followed the lead of the evolution of more cost-effective and flexible computing models being implemented throughout the commercial sector over the course of the last two decades. The dot.com and telecommunications bust of the early 2000s drove the capital investment that resulted in the undersea cabling and infrastructure that allowed the distributed cloud computing model to develop cost-effectively. Companies that provided this initial infrastructure went broke, and these assets were repurposed to the cloud computing model without proper regard for the risks and exposures created as the new model developed.
This new business model delivers vast efficiency and cost advantages but also brings with it an interconnected computing model that has increased the potential exposures for corporate enterprises and government institutions. Not a day goes by that we don’t learn of a new threat, breach or data loss that invades privacy, damages billions of dollars of shareholder value, or disrupts the ability of our government institutions to function effectively. The risks present a fundamental threat to our ability to trust information, protect our identities and ultimately to the fundamental workings of our society.
NIST, FedRAMP, and the Cybersecurity Framework
As the cloud computing gold rush began, security was an afterthought. The early suppliers simply took advantage of the cheap computing assets available after the bust and created a low-cost model that provided easy and cheap capacity to government institutions and corporations across the globe. And while this new infrastructure model leads the way for the development of new disruptive business models, no one worried about the impact on privacy, data loss, and the protection of all data in a proper fashion. Quite frankly, we’ve been playing catch up since the start and the real challenges and impact are just starting to be understood.
The sensitive nature of the Federal Government’s computing systems and electronic data demands the highest levels of comprehensive security. In order to mitigate potential security and control risks, the Federal Risk and Authorization Management Program [FedRAMP] was created to develop a set of standards and processes that all federal cloud service providers are required to demonstrate in order to be accredited with an Authority-to-Operate. FedRAMP also defined the reporting requirements and standards for the continuous monitoring of cloud systems across all control sets and standards as defined by the National Institute of Standards and Technology.
The most notable achievement of our remarkable pursuit is the list of government security accreditations that CISO Sentinel supports. CISO Sentinel was used for ATO acquisition and continuous monitoring for Autonomic Resources ARC-P, the very first IaaS platform fully accredited by the FedRAMP JAB [Joint Authorization Board] and Defense Information Systems Agency [DISA] certified-secure CSP for the United States Federal Government and all of its associated agencies and operations. As a result of this unique certification situation, CISO Sentinel supports unprecedented and unrivaled access to the rapidly expanding Federal Cloud Ecosystem. Remarkably, 25% of all FedRAMP JAB ATOs currently rely on the work of CISO Sentinel.
New Laws and Regulatory Standards
Subsequently, other regulatory bodies across all critical industries have adopted standards that, while specifically tuned to the unique needs of the industry vertical, have relied heavily on the frameworks, standards, definitions, and processes outlined by NIST. Although each regulatory body is compelled to put its own stamp on industry standards, ultimately, all regulatory standards follow NIST 800-53. Our product and approach start with that premise and provide a crosswalk of all standards and controls.
CISO Sentinel is our continuous monitoring governance, risk, and compliance platform offering, and it effectively supplies our clients with the broad capabilities to manage IT service management, cybersecurity, and risk across a single platform continuum.
No other solution fully integrates these capabilities to provide today’s digital enterprise Chief Information Security Officers the ability to secure the entire threat landscape, comply with far-reaching regulatory compliance standards, and effectively manage sprawling global IT environments.
As a result of these new models, managing and securing these increasingly complex environments requires a new, platform-enabled approach to managing systems, complying with regulatory mandates, and responding to threats. Accordingly, a new ecosystem is being developed for traditional systems security firms, audit consultants, IT service providers, and cloud service providers in the Federal space. This new ecosystem will contractually determine access to the massive untapped cybersecurity and compliance continuous monitoring market over the next decade. Our objective has been to build the most versatile and cost-effective set of solutions in this market.