Continuous monitoring is a critically important step for organisations that are serious about securing their digital domain. The National Institute of Standards and Technology (NIST) defines continuous monitoring as the process of maintaining ongoing awareness of information security, vulnerabilities, and threats to support organisational risk management decisions. In this way, an ongoing monitoring program provides critical real-time visibility into organisational risk factors and cybersecurity performance. While not an easy task, it is considerably more approachable thanks to automated information-gathering tools.
To have an effective cybersecurity program, it’s paramount to have a complete understanding of your organisation’s risk profile, existing IT infrastructure, organisational alignment, accountability and support, and robust management and enterprise visibility into risk. Here is how a continuous monitoring program can support and benefit an organisation.
Continuous monitors come in different styles and sizes but are intended to be kept on the workstation. Some units ‘sit’ on the bench; others are attached to the working surface matting; some can even be attached underneath the workbench, so they don’t take away valuable workspace. Operators connect their wrist straps to the unit to allow for continuous real-time monitoring. If the wrist strap fails, the unit will alarm. Many continuous monitors also feature a parking snap providing a means for the operator to disconnect when leaving their workstation.
Types of Continuous Monitors
There are two different types of continuous monitors available:
- Single-wire continuous monitors allow the use of any standard, single-wire wrist strap and coiled cord. The monitor/wrist strap system life-cycle costs are significantly lower compared to dual-wire systems. While they would not be suitable for the most critical applications, single-wire continuous monitors are an economical way to monitor both the operator’s wrist strap and workstation surface.
- Dual-wire continuous monitors provide proper constant monitoring of wrist strap functionality and operator safety according to accepted industry standards. Dual-wire continuous monitors provide redundancy because even if one dual-wire wrist strap conductor is severed, the operator still has a reliable path-to-ground with the other conductor. Dual-wire technology requires the use of dual-wire wrist straps and coiled cords.
Benefits of Continuous Monitors
A thorough understanding of the devices and systems under direct organisational control is a massive benefit of maintaining a continuous monitoring program. When you know your digital footprint front to back, it serves as a fundamental pillar for future success, whether for understanding end-of-life systems, reducing potential attack vectors, or prioritising crown jewel assets. For these reasons and many others, it’s essential to know what systems you have out in the field. Leveraging this knowledge can significantly reduce business costs, reduce risk, simplify administrative overhead, and improve efficiencies.
Continuous monitoring isn’t just about knowing what systems are in your ecosystem; threat profiles must be created for all business systems to better understand the underpinnings of the actual risk presented by specific systems. Creating a risk evaluation for all critical systems in an organisation’s digital ecosystem is crucial in prioritising security resources to ensure that every budgeted dollar is spent on tangible security controls on systems that have the potential to cause the most financial harm in the event of a cyberattack. With this increased level of understanding, it becomes infinitely easier to identify high-risk systems that cybercriminals may target and how they may do so. Knowing which specific systems are the most critical for business operation allows for better prioritisation of security resources, which results in the best marginal decrease in organisational risk.
Ability to Track Cybersecurity Performance Indicators
Having the ability to track key cybersecurity performance indicators (KPIs) is another benefit of continuous monitoring. With the help of automated tools, it becomes possible to aggregate organisational data to properly track the performance of a variety of business metrics. These cybersecurity performance indicators can help identify security gaps, audit control effectiveness, tie budgetary allocations to direct security upgrades, drive governance and accountability, and so much more. Tracking these metrics allows for a smarter allocation of budget and better future planning for the most cost-effective yet rigorous security program possible.
Increased Decision-Making Capability
One of the most critical aspects of business is conducting proper market research and making the right decisions based on market conditions. When making business decisions, it’s essential to have relevant and accurate information on hand to ensure the correct decision is made. Continuous monitoring is a piece in that puzzle since a well-executed continuous monitoring program will provide critical decision-makers with the information they need to understand the current landscape of their digital environment. Armed with this knowledge, businesses have the agility to adjust to varying market conditions and be better positioned to exploit new opportunities.
Establishing an effective continuous monitoring program is not an overnight task. It requires planning, effort, time, and a solid team, including support from the top. But there is hope, as there are resources, tools, and frameworks available to help organisations hit the ground running when it matters most. One of the most critical principles in determining the success of a cybersecurity program is in the detail and honesty of the knowledge of the company’s digital ecosystem, existing cybersecurity measures, and future cybersecurity goals. Being able to accurately pinpoint strengths and weaknesses in organisational systems is invaluable. Having a continuous monitoring process in place provides organisations with the knowledge to allocate resources most efficiently for measurable performance improvement.
Imagine this scenario: you come to work in the morning, you test your wrist strap, it passes, and you start work on your ESD sensitive devices. Three hours later, when you come back from your tea break, you test your wrist strap again, and it fails. What to do? You don’t know if the wrist strap only just failed or if it failed right after your first test in the morning. How do you know if the devices you worked on all morning have been damaged? You don’t – after all, latent defects are not visible, and failures may only occur at a later time. Continuous monitoring while working on those ESD sensitive devices will alert the operator as soon as their wrist strap fails. The faulty wrist strap can be replaced with a new model from stock, and everyone is happy – no ESD sensitive devices damaged and no unhappy customers.
Monitor Operator and Workstation
An option available with most continuous or constant monitors is the ability to monitor working surface ground connections. "Some continuous monitors can monitor work surface ground connections. A test signal is passed through the work surface and ground connections. Discontinuity or over limit resistance changes cause the monitor to alarm. Work Surface monitors test the electrical connection between the monitor, the work surface, and the ground point. The monitor, however, will not detect insulative contamination on the work surface." [ESD TR 12-01 Technical Report Survey of Constant (Continuous) Monitors for Wrist Straps]
When the monitor is connected to an ESD Mat working surface, the amount of current that flows is a function of the total resistance between the monitor and through the working surface to the ground. When the resistance of the working surface is below a pre-set threshold, the monitor will indicate good. Conversely, if the resistance level is high compared to the monitor’s reference, the unit will alarm. This is an integrating resistance measuring circuit. Therefore, it is relatively insensitive to externally induced electromagnetic fields.
Detect Initial Flex Fatigue
Unlike wrist strap testers, continuous monitors detect split-second failures when the wrist strap is still in the “intermittent” stage. This is before a permanent “open”, which could result in damage to ESD sensitive components.
Eliminate Need for Periodic Testing
Many customers are eliminating periodic touch testing of wrist straps and are utilising continuous monitoring to better ensure that their products were manufactured in an ESD protected environment. Continuous monitors eliminate the need for users to test wrist straps and log the results; by their function, these monitors satisfy the EN 61340-5-1 test logging requirements.
So when using constant monitoring, operators:
- Don’t have to waste time queuing at a wrist strap test station before each shift.
- Don’t have to remember to complete their daily test logs.
It’s also harder to ‘cheat’ with continuous monitors. We’re not saying your employees would do naughty things like that, but we’ve seen it all before: operators ‘pretending’ to perform a wrist strap check, operators failing a wrist strap test and still recording a pass etc. There are always options to bypass a system, but it’s harder when continuous monitors are used.
So should you now run out and equip all your users with continuous monitors? As with most things in life, the answer is not that simple: it depends! If your company manufactures products containing ESD sensitive items, you need to ask yourself, “how important is the reliability of our products”? Sooner or later, a wrist strap is going to fail. If your products are of such high value that you need to be 100% sure your operators are grounded at all times, then you should consider a continuous monitoring system.
Benefits of Continuous Monitoring Beyond Compliance
We demonstrated how continuous temperature monitoring is a more proactive approach than a paper-based/clipboard system. We are much more likely to meet compliance standards accurately as they change over time.
In this post, we’ll take a look at the five ways continuous monitoring goes beyond compliance.
Moving to a digital system for temperature monitoring ensures that if a temperature excursion occurs at a single pharmacy in a large retail chain, managers are alerted quickly and can respond before a major infraction ensues. Not to mention the bad press and reputational damage which may result from the fallout of mishandled medications or vaccines. If the costs of changing to a digital system seem prohibitive, remember: they’re minuscule compared to the loss of expensive medicines, regulatory fines, damages from a lawsuit, and costly re-vaccinations.
It’s not unheard of for pharmacies to lose hundreds of thousands of dollars worth of inventory due to a single refrigerator failure. Many pharmacies rely on insurance policies to protect them from such unforeseen losses. Often they fail to recognise that without continuous temperature monitoring, they may not even know when temperature-sensitive medications have been exposed to temperature failures. Moreover, insurance policies often have insufficient coverage for extensive, short-term inventories, such as flu vaccines, or expensive drugs such as chemotherapy, immunosuppressants, chronic condition injectables (e.g. insulin for diabetes) and biologics. For these reasons, it’s critical to use continuous temperature monitoring to protect your investments.
If you’re looking for even more reasons to prioritise your expenditures in these days of thinning profit margins, consider how a digital system will optimise resources, especially human resources. Using cutting-edge technology to monitor temperature can improve margins by freeing pharmacists and technicians to focus on patient care. Why waste valuable staff time on manual temperature monitoring when connected technology can do it faster, better, and more reliably?
Pharmacies hold a moral and ethical responsibility to their customers. A critical part of doing this is to ensure temperature rules and regulations are followed to the letter of the law—and sometimes well beyond—to uphold best practices that keep patients safe and healthy.
Perhaps you’re still not convinced the value of 24/7 data is worth the expense of a digital system. You might be wondering, really, how helpful are temperature readings every 5-15 minutes? Beyond the benefits detailed above, here’s your answer: continuous data records hold valuable information that can help you address—and improve—other business needs.
With our system, analytics can show you when refrigerators and freezers need maintenance. Temperature data, coupled with the information about compressor cycles, can predict unit failures in advance, thus allowing teams to proactively schedule maintenance before a breakdown occurs. Moreover, you can better judge which units need to be replaced immediately, allowing you to make only the necessary capital expenditures within any single fiscal budget.
Finally, the data can also provide comparative information when equipment make and model is captured along with readings and time stamps, giving insight into which brands are better than others when purchasing replacements.
Benefits of Continuous Compliance Monitoring in the Cloud
Manage Cloud Security Risk
2017 was a seminal year when cloud computing took a leap in capabilities as cloud service providers, like AWS, made available the next generation of cloud computing capabilities with new data storage options and processing capabilities. Clouds that are within the business environment and used outside of the direct control of the organisation’s IT department must be managed to mitigate associated information security and privacy risks.
Continuous Oversight Is Crucial.
Continuous oversight activities provide visibility into the real-time metrics and the current status of cybersecurity and privacy levels at any point in time to facilitate the most effective maintenance of ongoing management. These oversight activities, applicable to all types and sizes of organisations, include:
- Continuous in-house assurance
- Continuous external cloud assurance
- Continuous improvement
- Continuous supply chain management.
Key Benefits of Continuous Monitoring
A few of the critical benefits of using a continuous monitoring program that will resonate with business leaders and those who make budgeting and resourcing decisions include:
- Promoting real-time information security, privacy and compliance risk management.
- Supporting ongoing information systems and standard controls authorisation through the implementation of continuous monitoring processes.
- Providing senior leaders and executives with the information necessary to make time-efficient, cost-effective risk management decisions.
- Incorporating information security and privacy controls and protections into the complete data, applications, and systems development life cycle.
- Linking and incorporating essential risk management processes within the data, applications, and systems to risk management processes at the organisation level.
- Supporting proactive responsibility and accountability for the controls and risk management activities.
Supply Chain Security Risks
Many security incidents and privacy breaches are caused by contracted vendors, third parties and business partners. The frequency with which the complete list of vendors, suppliers, contractors, and other third parties is reviewed is imperative in mitigating cloud risks.
Organisations must begin asking themselves which third parties are critical to the business environment and which have access to any personal or sensitive data.
Bridging the Gap
Due diligence is needed to have a compelling hold on the many threat vectors posed by the cloud. Information assurance professionals can more effectively mitigate the risks created by new and emerging technologies and practices through continuous monitoring activities. Security controls must be embedded in all our daily procedures.
All organisations throughout the world currently face significant new types of information security, privacy and compliance challenges. Many of these challenges come through cloud services and involve new and emerging technologies and practices. Supply chain services and products also are increasingly provided through cloud connections or within cloud servers, so those associated risks must also be mitigated.
Information assurance professionals can more effectively mitigate the risks through the use of continuous monitoring activities. Put on your professional security hat and obtain visible support of executive leadership, implement the constant monitoring and oversight capabilities, ensure that compliance with all legal requirements is the norm, and, most of all, keep an eye on all your vendors and supply chains. Stay ahead of hackers and ahead of auditors as your core business model morphs into the unavoidable cloud.