In 2017, the National Institute of Standards and Technology, a federal agency within the Department of Commerce, removed the word “federal” from the title of its catalog of cybersecurity and privacy controls.
NIST recognized that in addition to the federal agencies that rely on its compliance guidelines, state and local governments, academia and even industry were also increasingly seeking to follow those requirements as security concerns and cyber attacks continue to rise.
“The reality is, today we’re all of us — federal, state and local government and the private sector — using the same technologies … and facing the same [cyber] threats, NIST Fellow Ron Ross told CyberScoop.
Yet too often, local government agencies and educational institutions find themselves simultaneously having to balance their need for high compliance and high security with an overall reduction in capital expenditure. It’s essential that these organizations partner with NIST-centric solution providers who fully grasp the complexity of federally mandated compliance and security. Rackspace has the solutions and expertise to minimize the friction associated with NIST compliance, from implementation through sustainment.
State and local government solutions must include security
State and local governments are now aggressively seeking solutions born in the cloud to enable citizen engagement and availability of services. According to Gartner, state and local governments are allocating an average of 20 percent of their IT budget to cloud spend, a figure that is expected to continue to grow.
Today, we’re seeing an annual 18 percent uptick in cloud spending among these organizations — and as the adoption of cloud grows, so does the need for enhanced security and compliance. Atlanta was recently targeted by a ransomware attack targeting critical infrastructure and citizen services. Mayor Keisha Lance Bottoms called it “an attack on our government,” during a news conference. “We are dealing with a (cyber) hostage situation,” she said.
Unfortunately, examples like Atlanta are not uncommon. While continuous vigilance amongst SLED organizations will always be important, having a solution built for security and compliance is critical.
Education isn’t immune from attack
And while attacks against state and local government agencies might be making the news more often, education isn’t immune.
With the ever-growing demand and popularity of distance learning platforms — today one in four students takes at least one distance learning course, with total distance enrollment topping six million last year — schools and universities are pushing data into the cloud at ever-increasing rates. By 2021, education organization adoption of the cloud is expected to grow by 23 percent. This massive shift away from traditional classroom education, and its attendant need for data in the cloud, is dramatically influencing the need within the education vertical for heightened compliance and security.
Universities in particular are being targeted by state sponsored actors in search of intellectual property and personal information. Recently, US authorities charged a group of Iranian hackers with cyber-attacks against more than 300 universities, with the theft of nearly 32 terabytes of data, resulting in a loss of intellectual property valued at $3.5 billion.
These kinds of attacks are exactly why organizations are seeking out the tougher NIST standards, even when not required to do so. They’re also looking for unbiased expertise as they move out of legacy data centers and into cloud or cloud-like environments.
Finding an experienced partner
At Rackspace, we understand the specific security and compliance needs of state, local and educational organizations. We’ve assembled a specialized team to address these needs. With our U.S.-supported FISMA/FedRAMP private cloud solution, we’re able to meet nearly 80 percent of the NIST security and compliance requirements required by the federal government to obtain an authority to operate (ATO).
And because we’ve automated many of these controls, utilizing industry leading solutions, we’re able to dramatically reduce the total cost of ownership required to maintain FISMA/FedRAMP compliance. Our solution has the stack flexibility to provide fully managed services all the way up through the virtual operating system. Below is a breakdown of the services and value our managed compliant offering provides.The adoption of NIST standards by state, local and educational organizations demonstrates the need and demand for federally compliant solutions across these sectors. Because of the comprehensive and evolving nature of NIST’s guidelines, we’re also seeing its framework being implemented internationally, and even becoming the global standard for compliance and security.
Learn more about how Rackspace can help organizations looking to adopt this framework.