The threat model has changed. Breaches have traditionally required execution of some manner of code on a system to and a network connection to exfiltrate the data off the system. This is no longer the case, as reduces the requirement for code execution to anywhere on a device, as opposed to requiring access to a specific system. This means that any system of a given classification/sensitivity hosted on the same hardware as a system of higher sensitivity breaks the Bell-LaPadula requirement of no read up.

Zero must now be implemented as device segmentation.

For private environments, you need to ensure your systems are allocated alongside other systems of similar sensitivity. The consequence for public cloud is that sensitive data can’t be stored in these environments, as there’s no guarantee whom you’re sharing bare metal with.
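The placement rule above can be checked mechanically. The following is an added example, not from the original post: it treats co-residency on a host as giving every tenant read access to every other tenant, flags any workload sharing hardware with a higher classification (a Bell-LaPadula read up), and re-places workloads so each host holds a single level. The classification labels, workload and host names, and the `capacity` parameter are constructed for the illustration.

```python
from collections import defaultdict

# Assumed total order of classification levels (constructed for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Constructed inventory: (workload, host, level). host-a mixes levels.
SAMPLE = [
    ("web-frontend", "host-a", "public"),
    ("payroll-db", "host-a", "confidential"),
    ("hr-app", "host-b", "confidential"),
    ("batch-etl", "host-b", "confidential"),
]


def co_residency_violations(placements):
    """Return (host, workload, level, higher_tenants) for every workload that
    shares hardware with a more sensitive one. Under a hardware side channel,
    co-residency is modelled as read access, so this is a 'read up'."""
    by_host = defaultdict(list)
    for name, host, level in placements:
        by_host[host].append((name, level))
    violations = []
    for host, tenants in by_host.items():
        top = max(LEVELS[lvl] for _, lvl in tenants)
        for name, level in tenants:
            if LEVELS[level] < top:
                higher = sorted(n for n, lvl in tenants if LEVELS[lvl] > LEVELS[level])
                violations.append((host, name, level, higher))
    return violations


def segment_by_level(workloads, capacity):
    """Device segmentation: re-place workloads so each host carries exactly
    one level. Hosts are named '<level>-<n>' and hold at most `capacity`
    workloads (hypothetical naming). Returns new (workload, host, level) triples."""
    placed = []
    count = defaultdict(int)
    # Place the most sensitive workloads first; sort is stable within a level.
    for name, _old_host, level in sorted(workloads, key=lambda w: -LEVELS[w[2]]):
        host = f"{level}-{count[level] // capacity}"
        placed.append((name, host, level))
        count[level] += 1
    return placed


if __name__ == "__main__":
    for host, name, level, higher in co_residency_violations(SAMPLE):
        print(f"read up on {host}: {name} ({level}) co-resident with {higher}")
    print(segment_by_level(SAMPLE, capacity=2))
```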

It will be interesting to see how this impacts FedRAMP over the coming year.

January 5,
Jeff Pollard

