Building an organization-wide view of system security and compliance posture
Cisco’s global operations run the cloud gamut, from infrastructure, platform, and software, to hybrid on-prem solutions. They continuously spin up or acquire new tools that must be integrated into their regulated boundaries. It also constantly advances its capabilities and needs to meet progressively more challenging standards, like moving to FedRAMP High or DoD IL5.
38North serves as an elite team of cloud security architecture and compliance experts for Cisco to deploy in response to specific challenges. With a unique role as an independent advisor that can see across the organization to understand how the big picture works, 38North tackles specific challenges, including security assurance improvements for it’s considerable product portfolio and helping solve secure device registration roadblocks for FedRAMP authorization. 38North also advises on solutions for securely managing credentials across complex environments and the integration of entirely new data centers and systems into authorization boundaries.
By embedding with Cisco’s engineering and compliance teams, 38North has been able to earn the trust of the engineering teams and tackle complex, organization-wide security challenges.
Challenges
- Balancing Hybrid systems with both on-prem and cloud-based solutions in an enormous infrastructure.
- Operating in High and IL5 environments, Cisco needed education on the most advanced FedRAMP requirements.
- Keeping regularly acquired solutions and integrations compliant with regulated boundaries.
Solutions
- Cloud Security
- Documentation Development
- Security Compliance
- Security Gap Analysis
- Security Architecture
- Security Engineering
Results
- Cleared several high-profile, complex audits to allow Cisco to operate in DoD.
- Completed over a dozen SCR activities to integrate new products into the FedRAMP boundary.
- Solved major engineering challenges that served as roadblocks to Cisco’s authorization efforts.
