In its Executive Order on Improving the Nation’s Cybersecurity on May 12th, the Biden administration mandated major improvements to how federal agencies protect their networks and data. How does this affect companies that do business with the federal government (or plan to) and their suppliers and contractors?
“Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors.” That’s how the White House, in a statement, explained the reasoning behind this executive order.
Following the SolarWinds and Microsoft Exchange incidents and the ransomware attack on Colonial Pipeline, the directive laid out “bold changes and significant investments.” Officials position it as merely a first step. Security experts agree that it is already creating some much-needed momentum.
They predict that the executive order will have a substantial impact on the private sector as well. So if you are tasked with IT security and data protection in such an organization, you want to know what that means for you.
In general terms, the directive aims to help move the federal government to secure cloud services and a zero-trust architecture. It also requires federal agencies to adopt, on a short-term schedule, multi-factor authentication and “encryption for data at rest and in transit.”
That means data protection along the supply chain is now a priority. To wit, contractors, vendors, and suppliers are mentioned 13 times in the executive order. The specific instructions referring to them make clear: the goal is to create an immediate, yet long-lasting ripple effect far beyond federal agencies.
Enterprise DRM – a shortcut to compliance?
Those ripples are felt in the market already, say insiders.
Case in point: a noticeable uptick in demand for platform-agnostic, file-centric document protection that meets the federal requirements. Industry analysts report a resurging interest in Digital Rights Management (DRM) software, such as Fasoo Enterprise DRM.
DRM solutions for the enterprise have been around for more than a decade. They enable organizations to encrypt and centrally manage their sensitive files throughout the document lifecycle, regardless of device, application, or access location.
So what’s causing the buzz now, in the wake of President Biden’s executive order?
In a nutshell, a mature enterprise DRM solution typically comes with key capabilities baked in that check the boxes mandated by the Executive Order.
Could this be your shortcut to meeting these mandates across your organization and its supply chain, with the least amount of pain and friction?
As always, it depends. Does the solution in question check all the boxes, or only a few? An information protection service that was designed as a tack-on for a limited range of popular office file formats, for example, will fall short. It won’t cover many essential document formats used by federal contractors – CAD files come to mind.
Other solutions suffer from performance issues at scale and are challenging to maintain and manage. How can you ensure that the enterprise DRM suite you’re evaluating fits the bill?
Here’s what to look for concerning the provisions in the May 2021 Executive Order on Cybersecurity:
- Smart and flexible encryption: Can the enterprise DRM solution under consideration automatically identify unknown data and protect and trace it persistently, regardless of its location? Does it provide the encryption strength mandated for organizations that are part of or do business with the U.S. government? Fasoo’s FIPS 140-2 validated cryptographic modules meet the strict demands of the Cryptographic Module Validation Program (CMVP) run by the National Institute of Standards and Technology (NIST). NIST is tasked with developing the guidelines for the administration’s cybersecurity program.
- Access control: Does the information protection service your organization is considering support the broadest possible range of third-party, federated, and proprietary authentication systems, including those used by the federal government? Fasoo Enterprise DRM integrates with Active Directory, other LDAP-compatible and SAML-based systems. Its SSO and other authentication APIs support the full hybrid mix of on-premise, cloud, and WFH digital assets and devices deployed by the federal government and its contractors and suppliers.
- Frictionless rights and exception management: Affected organizations inside and outside the federal government are wary of the mandated “encryption of data at rest and in transit.” They fear that complex systems with inflexible file access and usage policy management would make slow federal workflows even slower. How does the solution under evaluation keep tabs on critical data and who gets to access what, while ensuring compliance with federal mandates and regulations? Will it require filing a support ticket each time a team member needs an exception from file restrictions? Fasoo Enterprise DRM secures information across large organizations without compromising performance. Its centralized management capabilities make exception handling by IT or data owners a fast and straightforward process and reduce IT’s workload.
The executive order calls for federal entities to “evaluate the types and sensitivity of their respective agency’s […] data […] The evaluation shall prioritize identification of the unclassified data considered by the agency to be the most sensitive and under the greatest threat, and appropriate processing and storage solutions for those data.”
Several federal agencies are already using Fasoo Enterprise DRM, which enables organizations to automate the identification and tagging of documents for encryption. So do industry leaders in sectors most affected by the changes in the new Executive Order on Cybersecurity. To learn about more factors that drive them to deploy enterprise DRM, check out this conversation between Fasoo CTO Ron Arden and GE Gas Power cybersecurity researchers Hillary Fehr and Chris Babie.
Is your organization re-evaluating its document protection options in light of the Biden administration’s cybersecurity plans? Contact our team to find out how federal agencies and their leading contractors leverage Fasoo Enterprise DRM to “adopt the security best practices” as directed by the new executive order.
Further reading tips:
- Robert Chesney, Trey Herr: Everything You Need to Know About the New Executive Order on Cybersecurity (Lawfare)
- Billy Mitchell: Modernization: Biden cyber executive order reignites push to cloud, zero trust (FedScoop)
- Laura Criste: This is IT: What the Cyber Executive Order Means for Contractors (Bloomberg Government)