What the public sector can learn from CDM’s data strategy


The US government handles massive quantities of data — via separate agencies and disconnected data systems. Having a central dashboard to track this data is absolutely essential for uncovering and sharing cybersecurity vulnerabilities before they can do harm to citizens or critical infrastructure.

This dashboard — known as the Continuous Diagnostics and Mitigation (CDM) dashboard — is operated by the Cybersecurity and Infrastructure Security Agency (CISA) and centralizes data from over 100 civilian agencies. The CDM program recently reached its 10-year anniversary, which is an impressive milestone for a program that continues to develop and expand.

Centralizing petabytes of data via Elastic

When you lift up the hood of the CDM dashboard, you’ll see Elastic as the powerhouse providing the technology to ingest, index, and visualize petabytes of government data. ECS — the prime integrator for the dashboard — is an Elastic Premier partner that facilitates interoperability into the larger CDM system and is essential to the dashboard’s success.

The CDM dashboard can index structured, unstructured, and semi-structured data as it is ingested. In other words, Elastic can make sense of data that’s clearly organized in databases, as well as data in native formats such as PDFs and images. The result is a comprehensive look into cross-agency data that enables CISA and federal agencies to detect hidden threats and respond quickly.

One of the critical capabilities that Elastic provides to the CDM dashboard is cross-cluster search, which allows data to be searched across disparate environments (such as a public cloud and an on-premises data center) and visualized in one comprehensive view. For example, you can store sensitive data in your data center and non-sensitive data in the cloud while maintaining complete visibility across both environments from one user interface. As a result, you can detect threats and analyze security events faster, without costly data silos or barriers to critical information and insights.

As Federal News Network writes, “The CDM toolset has come in handy during every cyber threat and incident agencies have faced over the last five years. Whether it was the WannaCry ransomware attack or Log4J or any number of threats, agencies and CISA can turn to the dashboard from Elastic to discover more complete data more immediately.”

What does this centralized approach to data mean for you?

If you work for a federal civilian agency, you’re probably well aware of the benefits and applications of CDM’s work. But other public sector organizations, and even our private sector counterparts, can learn from CDM’s centralized data strategy.

Many government agencies and education institutions are challenged with data and tool sprawl, with internal teams using different solutions for specific purposes, each housing its own data. Without a central data platform, you’re essentially increasing the number of hiding places for cyber threats. Some of these threats, such as the Log4j incident, have the potential to remain hidden for months or even years.

On the other hand, if your IT and security teams have holistic insight into all data, in one place, then there’s a much higher probability of finding threats before they can make an impact. And if a threat is detected, your teams can collaboratively remediate, since they all have access to the same dashboard and data.

Why public sector customers like CISA are opting for Elastic

Government agencies like CISA are choosing Elastic to help consolidate tools, save on costs, and build unified data strategies for their organizations.

  • A single platform for security, logging and more: Elastic is a unified platform that will ingest and analyze all types of data from any environment. Because data is such a strategic asset for government, Elastic’s unified data platform can be the center of your IT strategy, providing logging, security, observability, actionable insights, and more from one central location. This approach can reduce data silos, consolidate tech tools, and reduce costs. 
  • Find the data you need, no matter where it is: Just as the CDM dashboard leverages Elastic’s cross-cluster search, other public sector agencies can also benefit from this capability, which enables data to be analyzed where it resides — leading to significant cost savings from not having to replicate or ingest data.
  • Uncover critical information in milliseconds: Elastic allows you to conduct real-time search queries in milliseconds — enabling your teams to find and act on the information you need to make critical decisions. Our data tiering, including the frozen tier, provides flexibility and cost-effectiveness for storing data you don’t need to regularly access but still need to retain. (And querying this historical data takes only minutes, compared with our competitors, which take hours. Government agencies often don’t have that luxury of time.)

Learn more about CDM, Elastic, and tool consolidation

Take a closer look at how Elastic and CDM work together to protect against cyber threats by exploring the Elastic for CDM website.

Or dig deeper on the potential benefits of a unified data platform at your organization by reading the white paper “How public sector can continue to innovate while reducing tech costs.”