Implementing Identity Continuity With the NIST Cybersecurity Framework

COMMENTARY
In the modern enterprise, where IT infrastructure, applications, and data are spread across multiple clouds, hybrid clouds, and on-premises data centers, identity ensures that the right individuals have access to the right resources at the right times. In many ways, identity is now on par with electricity when it comes to business continuity. Without it, business operations grind to a standstill. 

Just as most businesses have backup power sources so they can continue to operate when their electric utility goes down, organizations should implement an identity continuity plan to maintain the availability of critical IT systems if their primary identity provider (IDP) is offline. Having a failover plan is more critical than ever, since many organizations now rely on cloud-based IDPs that are vulnerable to outages for a host of reasons, including provider outages, natural disasters, loss of Internet connectivity, and more. 

When developing an identity continuity strategy, the NIST Cybersecurity Framework can serve as a valuable model to follow. Designed to help organizations manage and mitigate cybersecurity risks, it consists of five core functions: Identify, Protect, Detect, Respond, and Recover. Each function plays a pivotal role in forming a robust identity continuity plan. Here’s how to map an identity continuity plan to the NIST Cybersecurity Framework. 

Identify

Inventory Applications, Policies, and Identities

The initial step in creating an identity continuity plan involves cataloging all applications, policies, and identities within the organization. This inventory should distinguish between different user groups, such as customers and employees, to address their specific access requirements effectively.

This process should include detailing interdependencies and criticalities to ensure comprehensive coverage. Classifying these resources based on their criticality and the potential impact of downtime helps prioritize efforts. For instance:

Routine Continuity Tests

Regularly testing the continuity plan is crucial for identifying gaps and ensuring its effectiveness. Routine tests help keep the plan up to date and ready for real-world disruptions.

Protect

Ensure Continuous Identity Operations

Protecting identity operations requires ensuring continuous access to identity services. This includes establishing robust mechanisms for cloud-to-cloud and cloud-to-premises failovers. With many organizations adopting zero-trust architectures, where each access request requires continuous authentication and authorization checks, identity continuity is even more critical to ensure end-to-end security.

Develop Disaster Recovery Plans

While preventing outages is always best, in addition to continuity planning it's critical to also have a disaster recovery plan. Regular backups of policies and resources from cloud and on-premises identity infrastructures ensure quick restoration if a rebuild is necessary.

Detect

Monitor Identity Infrastructure

Implement centralized analytics and reporting to continuously monitor the availability of identity and access services. Early detection of outages or slowdowns allows for prompt intervention and proactive response.

Conduct Regular Testing

Regular continuity tests simulate real-world scenarios to detect potential weaknesses in the identity infrastructure. This proactive "test to verify" approach ensures that the continuity plan is robust and effective.

Respond

Maintain Continuous Identity Operations

Develop strategies for failover and fail-back to ensure continuous identity operations. Predefined custom actions, alerts, and automations should be in place to handle various scenarios.

Establish Failover Mechanisms

Multiple layers of failover mechanisms ensure redundancy and resilience. For example, assign:

Predefine Continuity Actions

Having predefined continuity actions ensures a swift and organized response to identity service disruptions. Actions can include automatic service ticket opening, initiating an incident response workflow, or some other scriptable action. This minimizes downtime and mitigates its impact on operations.

Recover

Manage Incidents and Resolve Outages

An incident management plan should outline the steps for failover, failback, and incident resolution. The focus should be on quick recovery while documenting and analyzing any anomalies. Use data collected for availability and outages with your IDP vendor to negotiate expectations.

Run Disaster Recovery Backups

Ensure the disaster recovery plan includes procedures for running backup and restore operations. This enables swift recovery from identity service outages, minimizing downtime.

Govern

Continuous Monitoring and Policy Management

Implement continuous monitoring of identity systems to ensure adherence to established policies. Regularly update, document, and report policies to reflect changes in the IT environment and emerging threats.

Monitor Access Requests and Activities

Track access requests and activities to identify unusual patterns that may indicate security threats. Continuous monitoring helps maintain a proactive defense against potential disruptions.

By leveraging the NIST Cybersecurity Framework, organizations can develop a comprehensive identity continuity plan that ensures resilience against disruptions. Now that identity is interwoven into all business operations and predominantly relies on cloud-based IDPs, having a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.