+

Response to White House meeting on cybersecurity and NIST updates | Dynamically Speaking

Our customers tell us constantly – security challenges continue to evolve and become more complex almost daily. It’s why we engage in conversations with enterprises worldwide on a variety of topics (and especially on dynamic authorization, ABAC, and the like).

These conversations not only enable us to share how we view enterprise security, but also provide our team with knowledge about how our customers leverage dynamic authorization and other security solutions to keep their critical information safe.

With that in mind, we’re excited to introduce a new series of interviews. “Dynamically Speaking” will feature guests who share their thoughts on various cybersecurity and dynamic authorization issues.

Our first episode features Jim Barkdoll, President & CCO of Axiomatics. Jim is a seasoned cybersecurity executive who has a wealth of knowledge to share in this interview regarding the recent White House meeting with top technology vendors and updates to the National Institute of Standards and Technology (NIST) framework.

 

 

Kelly: Hi, and welcome to this episode of Dynamically Speaking! Today, my guest is Jim Barkdoll, President and Chief Commercial Officer of Axiomatics, a leading provider of dynamic authorization solutions. Welcome, Jim, and thank you for your time!

Jim: Great to see you again, Kelly! Thank you!

Kelly: So, today we’re going to discuss the recent White House meeting with top technology vendors, including Google, Microsoft, IBM, and Apple, where they discuss the need for private technology companies and private companies in general to have more stringent security solutions, perhaps implementing Zero Trust.

So, to that end, Jim, the White House mentioned during the meeting that the National Institute of Standards and Technology (NIST) would be updating their existing guidelines. Currently, how are private companies using the existing NIST guidelines?

Jim: That’s a great question! First of all, I think there’s a misnomer because NIST was introduced back in 2014 that because it’s a government entity that somehow this is only for government organizations.

And while they did mandate that all critical infrastructure in 2017 needed to be covered, which covered more than just government entities, anyone that was in the supply chain, or critical infrastructure, it’s been used and adopted and meant to be used and adopted by many companies, including small, medium business and certainly enterprises abroad.

There’s companies like Bank of England or Nippon Telegraph, just to name a few, that have implemented this.

Kelly: OK, excellent. And in terms of new guidelines, what would you like to see added? What are the critical things that you really believe NIST needs to consider and that technology vendors need to have input on?

Jim: First, it’s an amazing framework in itself, right? And it’s done a great job at bringing attention to a critical area, which was why it was created in the first place. And what it does an amazing job in is in providing the framework, the infrastructure, some of the suggestions, the success stories. They do a great job at publish success stories with it.

But what I would love to see a lot more adoption of it and guidance is on the policy and rules themselves. Get a little more into the specifics. It’s the biggest challenge I see that CISOs have today when they’re looking at whether it’s any regulation or compliance issue, what is the best practices, what are their peers doing in policy and rules to actually, that are implemented in this infrastructure, in this reference architecture that NIST suggests and I think that would be a great area to improve upon.

Kelly: OK. And it’s interesting you mention best practices and people out there doing some interesting things. The White House meetings typically involve the suspects that I mentioned earlier, the Googles, Apples, IBMs, of the world, and certainly offered what they’re going to be doing to improve security practices and meet some of the guidelines that we discussed.

But are there other vendors or other classes of vendor that you believe should be involved in these meetings moving forward to provide a fuller view of what’s going on right now in terms of security?

Jim: Yeah, again, spot on, and I think really appropriate to look at who is helping frame the guidance and the leadership NIST is taking, at least from the people the White House invited. Amazing companies, fantastic enterprises, amazing holistic solutions, but a lot of what their attention goes to is an end-to-end solution in a lot of places, and no enterprise is made up singularly of any one of those technologies, they certainly all play a part in it.

So, what I would love to see when they start to look at other people or people that should be given guidance in this, and similarly among the policy recommendation guidelines are the people that are the experts at implementing this.

So, there’s companies, especially in the U.S. like Optiv, like Novacoast, like Set Solutions, like Guidepoint that are in the trenches every day giving best practices around security and working with all those technologies, and of course, many of the other hundreds of cybersecurity solutions that are our there besides those entities.

Kelly: Excellent. And though this is a very, certainly U.S.-centric conversation that was had, we’re in a world where everyone works from everywhere at all hours

So, what are the takeaways for global companies from this meeting and from potentially significant additions to NIST guidelines?

Jim: Yeah, again, as we talked a little bit about at the beginning, this is not strictly viewed as if you’re doing business with the U.S. government, it’s certainly helpful. There’s mandates now for certain entities that you’re doing work with to be NIST compliant. So, I think that is something companies should certainly look at.

But even if you’re not doing anything with U.S. or even U.S. companies, the NIST is a great guideline to at least a reference architecture, a starting point to go in and expand your cybersecurity presence, and certainly if you’re looking to implement Zero Trust and/or judge yourself by Zero Trust, NIST is a great framework to start and/or judge yourself against.

Kelly: Excellent. Thank you very much, Jim, appreciate your time!

For anyone interested in learning more about dynamic authorization or Axiomatics, please visit our website at www.axiomatics.com, or download our latest resources, ‘Five Big Ways to Get Started with Dynamic Authorization’. Thank you very much.

Jim: Thank you.

5 ways to get started with ABAC infographic - AxiomaticsSelect to view full-size

Learn more about the NIST framework

NIST framework Frequently Asked Questions
NIST framework guidelines and updates

Related Articles

Getting started with Zero Trust using dynamic authorization | Dynamically Speaking
Dynamically Speaking
Zero Trust. It’s everywhere. It’s a methodology that’s been around for years, and we are now seeing a significant uptick in the number of enterprises...
The case for dynamic authorization in banking and finance
Attribute Based Access Control (ABAC)
More than other organizations, banks, and financial institutions face the highest levels of scrutiny when it comes to how they protect critical assets and sensitive...
Untangling zero trust with dynamic authorization
Zero Trust
Everyone is talking about Zero Trust and with good reason. With the proliferation of remote and hybrid workforces and people accessing corporate networks from a...