CrowdStrike recently started to release a series of independent reports assessing the efficacy of the Falcon Host endpoint protection solution in helping organizations achieve important industry certifications such as HIPAA and PCI. These reports, authored by leading certification auditor Coalfire, confirm that Falcon Host can play a critical role in satisfying the information security requirements of these industry-specific regulatory guidelines.
CrowdStrike CIO Colin Black, a veteran IT executive with more than 25 years’ experience in technology management, recently sat down with Content Director Steve Kovsky to discuss the challenges IT and security executives face when seeking to comply with these industry standards, and the significant contribution CrowdStrike can make toward meeting those challenges.
SK: Colin, from your perspective as a CIO, why is this effort for CrowdStrike to support regulatory compliance so important?
CB: When you implement a number of tools in the organization, it’s great to be able to get added value from those tools. So when you implement something like Falcon Host, and you can get additional operational efficiencies from that tool to help you meet various standards and certifications, then it’s kind of like a bonus. For CIOs, to be able to do things like PCI and HIPAA compliance — and looking ahead to the next compliance challenges — and meet those requirements as part of the Falcon implementation, it really reduces the operational burden on IT departments that are already really stretched.
SK: Some of these regulatory frameworks are industry-specific and some are a little bit more general. Can you walk us through a couple of the key ones?
CB: Sure. Among the most important ones I see out there, the first is PCI, for credit card processing, where organizations are looking to protect that data when they’re interacting with credit cards for the consumer base. PCI essentially sets the standards around around how you keep that credit card information. HIPAA, as most of us know quite well, is in the hospital and medical area, where essentially we’re looking to take care of those medical records and personal information. And then we find a lot of people moving into NIST because that is a very high standard for security, and as cyber becomes more and more important, the better standards we can apply, and the safer we feel our organizations are. If you can blend the mix between the amount of effort required and the amount of compliance and safety it brings, then that’s fantastic.
SK: So this is something that our customers have been asking for, and it’s an effort that you’ve been working on and really driving as an executive.
CB: Absolutely. We’ve seen a number of customers asking us if our tool can help them with their compliance, and I know as an ex-customer using Falcon Host, I used it to help me with certifications such as NIST and other government certifications.
SK: So what is your advice to CIOs and CISOs that are facing these regulatory issues? What would you say is the first thing they should do to help their compliance efforts?
CB: Overall, understand your needs. I’ve seen that the standards can be interpreted in different ways, and I encourage you to reach out to different people who have been through it — CIOs like myself, who’ve been able to navigate those waters and get advice on ways that it can be done. Learn how you can use existing tool sets to automate that process, and reduce the burden on your staff and IT department.
To watch the interview with Colin on YouTube, click here. For more information on using CrowdStrike to help your organization achieve regulatory compliance, visit our Compliance and Certification Center.