nCircle Federal Outlook Blog: September 2011 Archives

September 15, 2011

The evolution of continuous monitoring

Wow, "continuous monitoring" is certainly an evolving term. nCircle has used the phrase for quite a long time, so I distinctly remember googling the phrase a couple of years ago and finding almost nothing, other than one or two references to the C&A lifecycle. Try it - google "continuous monitoring 2009." You'll get really interesting references to monitoring glucose levels, water quality, fetal monitors, cancer sensors... but almost nothing pertinent to federal IT.

Today, 7 of my top 10 Google hits for "continuous monitoring" pertained to detecting changes in an IT environment, and usually in a federal context - led by a Wikipedia entry and a NIST FAQ. A largely neglected element of the C&A process has moved to front and center.

This is not a passing fad.

Eric Chabrow of GovInfoSecurity had a nice piece on Federal News Radio last week called "Why Continuous Monitoring is Gaining Popularity." In it he gives a lot of credit to John Streufert's well-publicized and effective efforts to reduce network risk at the State Department, which (I believe) almost certainly contributed to OMB's directive to the agencies last year requiring monthly status reporting on their assets, vulnerabilities, and configurations through CyberScope.

nCircle has a history of transitioning our customers from ad hoc, quarterly, or monthly scanning programs to weekly, daily, or even more frequent assessments. Some of the very best practices we have seen in this area were pioneered in the Federal space at least six years ago, at USAID for example, as well as at some of our commercial financial customers.

Chabrow's article goes on to address the substantial costs associated with continuous monitoring at the State Department. I want to take quite a different approach - we have seen a number of significant ancillary benefits to continuous monitoring at our customers, and often with cost savings. Over the next couple of blog entries I'll talk about some of these, and hope to get some of our customers to chime in as well!

Want to learn more? Check out nCircle's Continuous Monitoring Resource guide.


Bio

Blog: Federal Outlook
Author: Keren Cummins

Keren W. Cummins is Director, Federal Markets for nCircle. Prior to joining nCircle, Keren served in executive positions with leading federal identity management solutions providers and has served several terms in the public sector, including at the Dept. of Commerce, where she was a member of the Federal Public Key Infrastructure Steering Committee (FPKI SC), and in the legislative and executive branches of the State of Texas.


   


