These functions organize basic cybersecurity activities at their highest level in order to achieve specific outcomes, and they help businesses express how they manage cybersecurity risk. While the functions should be performed concurrently to minimize dynamic cybersecurity risk, the Identify function is considered the most foundational one.
The Identify function provides asset visibility
The Identify function provides the structure on which the rest of the functions are built. The NIST framework defines Identify as a function to “develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities”. From that perspective, the function is responsible for providing clear visibility into all systems and platforms in an organization’s infrastructure, including the cloud-native ones, so that no vital IT asset is left “in the dark”.
Furthermore, the function identifies risks that can impact systems critical to the operation of a business, like production servers. If the risks and the resources that support critical operations can be identified, the organization’s cybersecurity efforts can be better prioritized. Outcome operations that fall under the Identify function are Asset Management, Governance, Risk Assessment, and Management Strategy.
Being able to identify means having all your assets visible, knowing where they are, and implementing best security practices to protect them from cybercriminals and cyberattacks.
Asset discovery is important
Why have businesses increased their exposure to cybercriminals even though they are more aware of these risks? Why did they become more vulnerable to cyberattacks? There is not one reason but a combination of things that have changed our lives and habits in recent years. First is the rapid evolution of cloud technology and the real difficulty of keeping up with it. Second, the pandemic changed the way we work; it is no longer unusual for people to work from home instead of going to the office, or to bring their own personal computers to work and connect their devices to the organization’s secure networks. These working habits increase the attack surface and the security gaps.
As cloud technology advances “at the speed of light”, asset visibility becomes one of the most important factors to consider when a business organizes its cybersecurity defense. The dynamic nature of the cloud is what makes it powerful but at the same time vulnerable. The number of new cloud-based technologies and the speed with which they emerge can easily leave cloud-native assets undiscovered: invisible, unattended, and thus unprotected.
As the cloud becomes a dominant environment, its security must be taken seriously. Security needs to evolve with technology. Traditional security is not going to work, as the cloud is boundaryless, decentralized, and changing too fast for manual security processes. Infrastructure as Code (IaC), an approach that manages cloud infrastructure through machine-readable definition files, increases misconfigurations that eventually lead to cloud breaches. Add to these challenges the pace at which new cloud-native technologies pop up every day and the shortage of experienced security professionals, and you end up with a mixture of hard-to-secure cloud structure and difficult-to-discover and difficult-to-protect cloud-native entities, such as APIs, Kubernetes, microservices, and containers.