Hiring the right talent and eliminating bureaucracy are keys to building a culture of security awareness across one’s organization, which, in turn, is critical to the effective adoption of the continuous Authority to Operate model, according to Rise8 founder and CEO Bryon Kroger.
“Traditional ATOs require a point-in-time check of security controls that can take months, delaying projects and creating opportunities for cyber adversaries. cATO eliminates that issue,” said Kroger in an opinion column published on C4ISRNet. “cATO is an ongoing authorization for continuous delivery following initial authorization. It never lapses, so long as new system capabilities are aligned with approved security controls.”
cATOs are a proven approach, having been originally designed and approved for use on the systems of Kessel Run, the U.S. Air Force’s software development division that Kroger co-founded.
In addition to recruiting the right people, Kroger says that implementing cATO also requires the establishment of a baseline set of common controls that can be inherited across the enterprise or, at the very least, across missions.
Also important is ensuring system transparency. This involves the adoption of software development practices like the everything-as-code mindset as well as the adoption of technologies like automation, digitization and newer governance, risk and compliance platforms that are built for ongoing authorizations.