It is well known that system administrators have full access to all aspects of an agency or organization’s IT systems. This access creates a central threat vector and a relatively easy target for hackers, essentially the “keys to the castle.”
By hacking, stealing, or social engineering administrator credentials, hackers obtain unrestricted access to critical data. This data can be manipulated in many ways and often used for nefarious purposes and/or sold on the Dark Web. Sophisticated rules and algorithms can be developed to facilitate seamless back doors to an agency or organization’s critical data.
Footprints are easily erased, covering any evidence of log file tampering. Historically, system administrators find out after the fact that an unauthorized user has accessed a system. In many cases, the damage is already done, and the attack is being publicized on social media and other news sources.
Today’s cybersecurity programs, in many cases, have proven to be reactive and planned as an afterthought. Programs are not granular enough to prevent attacks and create meaningful intelligence on the data across its lifecycle. Like protecting a medieval castle, every point of entry must be considered and defended.
To consistently and effectively secure network and applications data, the following items need to be considered to ensure a robust data security platform:
- Pervasive. All data must be protected — always — including streaming data and field elements within databases.
- Persistent. All data must be secured — always — allowing no margin for error or malicious behavior. An agency or organization’s IT system(s) must fail ‘closed’ with the ideal data security platform implemented.
- Domain Independent. Data security must travel with the data, independent of the domain. The data owner or author must be able to track use of the data, and revoke data access.
- Transparent to the user. User operation must require little-to-no additional knowledge to use the features and functions of a platform to secure data. It should be intuitive and simple, without programming or intensive set-up, in some cases requirements may dictate the complexity.
- Governed. Administrators must accept and maintain corporate and data governance rules at the data level.
- Automatic. Security can’t be thwarted, either maliciously or accidentally.
- Recoverable. The data owner or author must be able to revoke data access even when data moves to other domains.
- Auditable and analyzable. Audits must be fully trackable across foreign domains, and behavioral analytics must provide data analysis — regardless of where the data travels or exists.
- Scalable. Systems must provide automated threat prevention, active response, AI, and quantum proofing functionality to deal with issues and threats as they occur — regardless of the size and scope of a threat.
- Internet of Things (IoT) ready. Systems must provide a secure fabric that works across all data, across all smart devices. (Galinski, 2017)
The key technical components of a robust data security solution should include the following:
- Data Management Operating System (DMOS). A DMOS that runs virtually on top of other operating systems and platforms.
- Sophisticated Key Structure.
- An asymmetric (public/private) key system. An agency or organization’s keys are all generated on their own network, which leads to a “zero-knowledge system,” meaning there is no way for the solution provider to see the client’s data. This includes extending zero-usable knowledge to the cloud hosts. Agencies and organizations should be protected not only from hackers on those other systems, but also from rogue employees of those cloud hosts.
- Hierarchical Keys.
- Fractional Keys.
- Multiple Endpoint Connectivity. The solution must be designed to connect with multiple endpoints — whether computer, mobile, database or IoT. Computer and mobile clients are standardized and easily deployed. Database connectors require implementation that varies and is dependent upon the database platform and architecture.
- Real-time User Behavior Analytics. Create a constant learning loop based on artificial intelligence (machine learning) principles.
- Integrated End-to-End Data Intelligence Platform.
- Quantum Proofing of data should be considered in anticipation of the increased use of quantum computers for hacking purposes.
- External plugins. In situations with external “actors” or subscribers of data, the data security solution should provide plug-ins for those external subscribers that control security and data access, while simultaneously providing an additional toolset to manage and secure data via user subscriptions. As an example, PDF or other reports can be timed to expire, based on the subscription date and can be limited to only the registered user. These reports cannot be opened by, or shared with, non-paying subscribers (in scenarios where this may be applicable).
- Inbound/Outbound Data. An effective data security solution must secure both inbound and outbound data from inception to destruction. Policies and rule sets provide a flexible method for creating a rule-base, which provides the convenience of “set-it and forget-it” automation.
Once you have identified a solution that covers the robust requirements, it is important to consider integration points for your data security solution with your existing security ecosystem – including Security Information and Event Management (SIEM) tools, identity and access management tools (moving towards federated identity management and attribute-based access control), and threat intelligence platforms, etc.
Given the increased threat vectors across all industries, it has become imperative for agencies to think outside of the box when it comes to cyber security. A “security first” posture is table stakes, and should not be taken lightly. The level of sophistication of hackers is growing, as is the technology available to enable hacks. It is incumbent upon agencies and organizations to be proactive and invest in protecting the keys to the castle and the most important treasure — data!
Post Date: 4/30/2018