Contact Us
Services - Cloud  Security

Controls as Data

Why Controls as Data?

Data like knowledge is power. Your organisation’s controls are no exception. 

What do we mean by controls?   The National Institute of Standards and Technology (NIST) defines a control as a measure that is modifying risk. It could be a security or a cost control. 

The lack of meaningful understanding begins with how and where your controls are stored and represented. You cannot provide the visibility and analysis your controls require, if they are stored in documents, spreadsheets or wikis. Separate the data from their representation and surface the information needed for your internal customers.

Treat your controls as data. Use the information they provide and build intuition around your organisation’s posture. Create a useful system repository that traces controls all the way to their technical implementation, giving you an end-to-end view of your real and current security posture.  

Cater to your internal customers and auditors needs, with any representation format and answer any query about the nature of your controls. 

You can incorporate everything from security to cost controls and from threat models to regulatory frameworks.

Metis by Airwalk Reply allows organisations to treat controls as data . Introducing a dynamic representation relevant to each audience, push the data to any platform, and create a collaborative environment where controls make sense to everyone.

Key takeaways

  1. Surface relevant views:  Show the relevant information to the appropriate audience. For example, you might want to surface the Infrastructure as Code or control enforcement part to an application team, but you want to show the NIST 800-53 controls mapping or threat model to an auditor.
  2. Provide downstream APIs: You can provide a downstream API to whoever needs it, be it a team that does policy as code or your cyber analytics function.
  3. Inner source and crowd source: No one has all the answers. By inner sourcing and crowd sourcing, you can leverage the collective intelligence of your organisation.
  4. Develop to a common standard: Develop controls to a common standard, with specific information or data requirements and acceptance criteria.
  5. Be flexible about tools: Use known patterns and be flexible about the tools you use. Use an approach that fits your organisation and the workflows you’re familiar with.

Transform your security posture with controls as data.  Get in touch

and News

Read about our industry news, insight, employee stories and upcoming events.

View all

Client Case Studies