3 Security Issues Overlooked By the NIST Framework
Due to the number of data breaches and vulnerabilities that have plagued the United States, the government decided to develop the National Institute of Standards and Technology (NIST) framework. The framework provides information about organization and strategy for building safe and secure networks and programs. It also includes best practices for companies. A document like this is surely helpful, but it comes with its drawbacks.
One issue with the NIST framework is related to logs. Logging is important because it shows a history of actions. According to the NIST framework, logs and audits should be kept for up to a month. The average breach is discovered four months after the fact, and by then the log files are long gone. Since storage is more efficient nowadays, holding logs for more than a month should not be an issue.
Another issue is with the cloud. One can think of the cloud as a humongous remote computer that can store information away from our local devices. This is great for freeing up space, but the way the NIST framework suggests using the cloud is too complicated for the average user.
The last issue is that the NIST framework recommends using a role-based access control system, but this does not go hand in hand with the multi-cloud security suggestion from earlier. Companies essentially need to use multiple clouds, which means multiple people, and this just increases the workload.