M-21-31 Cybersecurity

In 2021, the White House issued a new memorandum—M-21-31—requiring that federal agencies retain data logs to support the detection, investigation and remediation of cyber incidents on federal information systems. M-21-31 requires specific data log types for IT systems and defines a multiyear retention period.* However, storing and sharing massive volumes of data to comply with the mandate is costly.

Deloitte’s M-21-31 Cybersecurity solution for the public sector is an industry-proven model for efficiently storing and sharing log data. With their solution, data is designed to be retained in low-cost cloud storage, accessible by centralized queries to avoid the transfer of raw data. Using the Databricks Data Intelligence Platform, Deloitte deploys a hub-and-spoke model where a central analytics “hub” coordinates with enterprise clouds and system owners, i.e., the “nodes”, to establish a centralized analytics layer for log data. This multi-node, federated model allows data to be securely shared from individual nodes to the centralized lakehouse in order to compile, search and perform advanced analytics. By leveraging this federated model, agencies avoid costly log data storage in native cybersecurity systems, and maintain flexibility with their existing cloud—data does not have to be moved from one to another. 

With Deloitte’s M-21-31 Cybersecurity solution, potential benefits are:

• Integrate with existing systems to accelerate adoption
• Scalable, long-term retention of petabytes of data
• Reduced data duplication and real-time analytics

*Source: "Executive Order on Improving the Nation's Cybersecurity", The White House