From DDoS protection and mitigation, SOC II data center certification and partnering with Zscaler for cloud-based web security solutions, to disaster response and practicing good organizational cyber hygiene, MCNC continued to build a comprehensive defense against Internet-based threats and risks in 2017.
Cybersecurity requires the vigilance of everyone at every level of an organization. No single practice will guarantee that you will remain free from compromise. MCNC remained diligent this year in implementing several cybersecurity best practices to keep our network and systems protected and available for NCREN users.
The MCNC executive team approved a new Business Continuity and Disaster Recovery (BCDR) plan for the organization in 2016. In January, MCNC kicked off the year by performing a tabletop exercise to test it.
The exercise presented participants with a specific disaster scenario, and focused on testing communication flow and issue escalation, activation of the BCDR plan, and use of the plan to manage the disaster response. All MCNC departments participated in the exercise as representatives from two MCNC customers attended as observers. MCNC leadership judged the exercise to be quite successful and implemented several agreed-upon actions to continue improving MCNC's future disaster response capabilities.
By May, MCNC successfully completed a Service Organization Controls (SOC) 2 Type II examination, a high standard that not only defines what controls should be in place, but also verifies that MCNC is appropriately managing security risks. This standard shows that MCNC is a trusted partner serious about data protection and effective operations. Accountancy firm Assure Professional performed the rigorous audit. Read the full story.
MCNC then named Chris Beal as Chief Information Security Officer (CISO) in July.
As CISO, Beal directs MCNC’s efforts to provide customers with industry-leading best practices and security tools. Additional capabilities include assessments and monitoring of network vulnerabilities and risk posture, advisory services so organizations can best manage security risks and threats, and training and education opportunities to help NCREN users stay informed. Beal successfully led the development and implementation of DDoS protection capabilities on NCREN, including the deployment of multiple DDoS scrubbing centers which have successfully mitigated hundreds of reported DDoS attacks to date. MCNC also is planning to add additional positions to the security team to further develop and implement innovative cybersecurity solutions.
MCNC remains a proactive business partner and technology enabler with a structured approach to risk management. MCNC established its Enterprise Risk Management Committee (ERMC) to identify, catalog, and analyze risk issues facing the organization. The ERMC process ensures that the potential consequences of security events are analyzed in terms of their potential impact on the organization and customers. Once the potential consequences are understood, responses are crafted to match the risk.
In the fall, national news about massive data breaches at Equifax, Deloitte and others made headlines. Two things then happened at MCNC during Cybersecurity Awareness Month in October.
First, MCNC selected Zscaler to provide secure Internet access to more than 1.5 million students, teachers and staff in North Carolina. MCNC chose Zscaler to provide scalable, secure Internet access specifically for educational institutions and their students – regardless of the device they’re using – and leverage the cloud to protect those users with policy-based access and real-time, in-line protection from malware and other more advanced threats. Read the full story. Secondly, Chris Beal shared a beneficial blog about good cyber hygiene that was well received by the NCREN Community. If you haven’t seen it yet, click here to check it out.
Security is an essential part of today’s technology-driven society. Securing an organization’s networking infrastructure requires employees and institutions alike to proactively manage and protect personal and organizational assets. MCNC manages security threats and responses in the context of business risks and continues to strengthen its ability to rapidly detect and respond to security threats on NCREN. MCNC operates several security services for customers. You can learn more about them here. The MCNC Security Team also is working on several additional resources for customers in the coming year, so stay tuned for more details on these exciting opportunities and be sure follow on Twitter @MCNCSecurity for all the latest security updates.
Improving MCNC’s risk management and overall security posture was a top priority for the organization in 2017, and it will continue to be in 2018 and the years ahead.