Cybersecurity Maturity Model Certification (CMMC) Provides Vital Infrastructure Needs

Introduction

Secure Cloud Services are critical in today’s global cyber conflict and rapidly changing digital landscape.  Organizations must be able to immediately respond to unforeseen situations such as global virus pandemics, environmental disasters, weather emergencies,changes in market conditions, both up and down, as well as being prepared to execute mergers, acquisitions, and divestitures.  This scalability is critical and security failures can significantly impact an organization.  This document discusses some of the issues around establishing and maintaining the infrastructure while keeping the costs and functions well controlled.

Discussion

The recent Coronavirus pandemic has heightened the visibility to the need for an in-depth analysis and redesign of cybersecurity architectures within both governments and commercial institutions.  Recently the world has spun into chaos from numerous major factors, including:

Organizations are now pressed to rethink their operational practices of having most of their employees work from centrally controlled locations.  To utilize the workforce during these times employers must support remote workers attaching to home networks and public hotspots, often using BYOD equipment and with many non-controlled devices within the remote network.  Government and Corporate organizations have suddenly found themselves in the middle of a dilemma where they have suddenly been forced to extend their overall systems architecture and expose themselves to many security issues.

In 2016 it was estimated that malicious cyber activity cost the US Economy between $57 billion and $109 billion and in 2017 the Center for Strategic and International Studies estimated that the total global cost of cybercrime was as high as $600 billion.

In 2019, this risk was strongly recognized, and work began on the Cybersecurity Maturity Model Certification.  This model measures cybersecurity maturity with five levels and aligns a set of processes and practices with the type and sensitivity of information to be protected and the associated range of threats.  The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.  In CMMC V1.0, Figure 2 as shown below lays out the levels and descriptions.  

As the figure above shows, each level progressively requires more effort to meet the security requirements and to lower vulnerabilities.  Following this model an organization can establish a level of protection that meets their goals and enables the environment to support applications that require that level at a minimum.  

Cloud providers will be assessed at the various levels based on CMMC, FedRAMP and others.  An organization can select the security level that meets their needs.  Organizations are realizing that they must be prepared for situations where their workforces are required to be flexible and work from locations outside the corporate walls, such as Regus and various other work suite companies, as well as hotel rooms, customer sites, and employee homes.

In a cloud environment, you can deploy an application, such as Unified Communications as a Service (UCaaS) and be assured that it will meet the security needs of the organization and be flexible to meet the resource requirements including network bandwidth and processing needs that can be adjusted depending on the situation without additional capital expenditure and the time to migrate to the new environment.  Some cloud providers can even offer capabilities that permit deployments to quickly resize and expand to other geographic areas.

UCaaS is a great example of a wide set of services that a company needs to deploy to everyone and using a secure cloud solution enables them to offer UCaaS services such as these six broad communications functions: 

Closing

There is a significant opportunity for secure cloud providers to provide many government organizations such as Federal, State, and Local Governments that currently manage and operate their own internal UC systems with a secure cloud based UCaaS.  In addition, regulated industries such as defense, health and banking, are rapidly coming under pressure to prepare and meet the Cybersecurity Maturity Model Certification (CMMC) as a strong hedge of protection against security failures to bad players.

‍