Unpacking the U.S. National Cybersecurity Strategy for Companies

Ravi Ithal
April 26, 2023

Update July 13, 2023: The Biden administration published “the National Cybersecurity Strategy Implementation Plan (NCSIP) to ensure transparency and a continued path for coordination. This plan details more than 65 high-impact Federal initiatives, from protecting American jobs by combatting cybercrimes to building a skilled cyber workforce equipped to excel in our increasingly digital economy.

“Each NCSIP initiative is assigned to a responsible agency and has a timeline for completion.”

This is good news, as it puts implementation plans and timelines on the initiatives set out in the National Cybersecurity Strategy.

Original post: The U.S. National Cybersecurity Strategy, released on March 2 by the Biden-Harris Administration, aims to “secure the full benefits of a safe and secure digital ecosystem for all Americans.” The strategy is part of a larger effort by the Biden administration to strengthen cyber and technology governance. 

What does it mean for companies?

 

Focus on Cloud Security

The U.S. National Cybersecurity Strategy highlights cloud security as a major concern and focuses on protecting digital infrastructure. For example, it increases the responsibility of large cloud service providers like Amazon, Microsoft and Google to make it harder for foreign hackers to cause damage.

The focus on cloud security at the national infrastructure level mirrors the importance of cloud security for all companies. According to the Cloud Security Report 2023 by the Enterprise Strategy Group (ESG), “data is shifting to public clouds ahead of organizational readiness to secure it.” More than half of respondents to ESG’s survey of 387 IT, cybersecurity, and DevOps professionals reported they knew or suspected they had lost cloud-resident sensitive data. All of this calls for increased emphasis on cloud security at all levels.

 

Impacts and Opportunities

For businesses and organizations, the implications of the U.S. National Cybersecurity Strategy, primarily section 3.3, include:

  • Increased compliance costs: Organizations may need to invest in updated security infrastructure, employee training, and regular audits to ensure compliance with new data privacy and security regulations. 
  • Legal and financial consequences: Businesses that fail to adhere to the new legislation could face legal action, fines, and reputational damage, leading to potential loss of customers and revenue. 
  • Operational changes: Organizations may need to reevaluate their data collection, storage, and processing practices to comply with stricter data privacy requirements, which could involve redesigning their products, services, or business models. 
  • Competitive landscape: As businesses adapt to new regulations, some may find it challenging to maintain their competitive edge, especially smaller organizations with limited resources. On the other hand, those that successfully implement strong data privacy practices may gain a competitive advantage by attracting privacy-conscious consumers.
  • Cross-border data transfers: Strict data protection regulations may impact the ability of organizations to transfer personal data across international borders, necessitating the establishment of new data processing and storage arrangements to meet regulatory requirements.
  • Collaboration with government agencies: Businesses and organizations may need to work more closely with government agencies like NIST to stay up to date on evolving security standards and guidelines.
  • Increased public trust: Organizations that prioritize data privacy and security may benefit from increased consumer trust, leading to enhanced brand reputation and customer loyalty.

 

The proposed U.S. National Cybersecurity Strategy would require businesses and organizations in the U.S. to adapt to new data privacy regulations, which could have significant operational, financial, and legal implications. However, organizations that successfully embrace these changes may benefit from increased consumer trust and a competitive advantage in the marketplace.


Ravi Ithal

Ravi has an extensive background in enterprise and cloud security. Before Normalyze, Ravi was the cofounder and chief architect of Netskope, a leading provider of cloud-native solutions to businesses for data protection and defense against threats in the cloud. Prior to Netskope, Ravi was one of the founding engineers of Palo Alto Networks (NASDAQ: PANW). Prior to his time at Palo Alto Networks, Ravi held engineering roles at Juniper (NASDAQ: JNPR) and Cisco (NASDAQ: CSCO).