Holes in your security blanket

When I talk to IT folks about how they are protecting their data, I get some interesting answers. Part of this is because there are lots of shades of gray in the answers, and lots of us (I did say us) listen in sound bites. Every time you try to zero in on exactly what is protected, you feel like you are part of a Jimmy Kimmel bit where people are talking in circles.

I feel sort of bad when I have these types of discussions with folks. It is sort of like I stole someone’s security blanket: they describe how they are protected, and then I ask a few revealing questions. I totally understand how it’s easy to misinterpret what is covered and what is still exposed.

I learn best from examples. So let’s play the “am I protected or not protected” challenge. Before we start, all the technologies mentioned below are important, and can be critical to your overall data security strategy. They just might not cover as much as you thought or were led to believe.

Firewalls

Firewalls have become more sophisticated over the years. They police, if you will, data traffic that comes into or goes out of a company. Many now inspect the data itself, looking for threats within it, for known or learned data fingerprints, and for suspicious applications and IP addresses.

  1. Can firewalls protect you from insider errors or threats? Unfortunately, unlikely, since the data in question likely never leaves the company via the network.
  2. Can firewalls tell you where your sensitive data lives and monitor access? No, most firewalls lose locality of the data once it’s made it through the firewall.

Ransomware

Ransomware is rogue software likely triggered by an end user, which encrypts the data that the user has access to and charges a fee to get the key to decrypt the data.

  1. Does encrypting data help protect it from ransomware attacks? No. The ransomware can encrypt the encrypted data. I was surprised by the number of folks who believe that encryption stopped ransomware. There are no rules against encrypting encrypted data.
  2. Existing data sets can’t contain latent ransomware triggers, can they? They can, and probably do. The worst place to have it lurking is in your backups. Restores from backup can feel like the movie “Groundhog Day,” since you’ll be reliving the same attack over and over again.

Secure data at rest (SDR)

Secure data at rest is just what it implies; it encrypts data sitting on the HDD/SSD drives, so if the drive is stolen the data can’t be reconstructed. This feature is also really misunderstood – SDR protects against physical loss of disks. Anyone who can log in and access the data will see it unencrypted. The encrypt/decrypt happens at a much lower layer than the one where users and applications interact with the data.

  1. Does SDR protect against some unauthorized person logging into the system and accessing information? Nope.
  2. Does SDR protect against someone stealing the entire storage device and accessing the data remotely? If the key management is external (unlikely for most storage arrays, likely for most clouds) or if there’s a password in place on startup (unlikely since it’s painful for quick recovery), then yes. Realistically, for on-premises storage, no.
  3. Does SDR protect against someone stealing up to a fixed number of drives and trying to extract data from them? Yes. The fixed number of disks depends on how the keys for encryption are created and distributed.
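To make the two points above concrete (SDR decrypts for anyone who can log in, and ransomware can re-encrypt data that is already encrypted), here is an added toy model that is not part of the original post and not any vendor's code. It assumes a simplified array whose controller holds the key and a constructed stream cipher for illustration only; the checks in `demo()` mirror the questions in the text.

```python
import hashlib, hmac, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with an HMAC-SHA256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Drive:
    """A physical drive: holds only what the controller wrote, i.e. (nonce, ciphertext)."""
    def __init__(self):
        self.raw_blocks = {}

class StorageArray:
    """SDR model: the controller holds the key and encrypts below the login layer."""
    def __init__(self, drive: Drive):
        self.drive = drive
        self._key = os.urandom(32)  # lives in the controller, never on the drive

    def write(self, lba: int, plaintext: bytes) -> None:
        nonce = os.urandom(16)
        self.drive.raw_blocks[lba] = (nonce, keystream_xor(self._key, nonce, plaintext))

    def read(self, lba: int) -> bytes:
        # Any logged-in user or application gets plaintext; SDR never asks who is reading.
        nonce, ciphertext = self.drive.raw_blocks[lba]
        return keystream_xor(self._key, nonce, ciphertext)

def user_layer_rewrite(array: StorageArray, lba: int, second_key: bytes) -> None:
    """Anything running with the user's access reads plaintext through the array and
    writes it back under a key the array does not hold (the ransomware case above)."""
    array.write(lba, keystream_xor(second_key, b"user-layer", array.read(lba)))

def demo() -> dict:
    """Run the three checks from the text; returns which ones still show plaintext."""
    secret = b"customer list: alice, bob, carol"  # constructed sample data
    drive = Drive()
    array = StorageArray(drive)
    array.write(7, secret)
    results = {
        "logged_in_read_is_plaintext": array.read(7) == secret,
        "pulled_drive_is_plaintext": drive.raw_blocks[7][1] == secret,
    }
    user_layer_rewrite(array, 7, os.urandom(32))  # key discarded: owner cannot recover
    results["owner_read_after_rewrite_is_plaintext"] = array.read(7) == secret
    return results
```

The pulled drive alone shows ciphertext, but a logged-in read shows plaintext both before and, once the data has been re-encrypted through the user layer, after; the array encrypts whatever it is handed.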

Endpoint protection

Endpoint protection is software that lives on endpoints, in many cases a smartphone, tablet, laptop or desktop, and attempts to ensure the safety of the data.

  1. Do endpoint agents look at all the data an end user can access to ensure it’s safe? Maybe, sometimes, ok probably not… Some only look at executables; others only look at data on the device, and not at data that is network accessible.

Many companies are going about protecting their data by buying and deploying a set of products without a clear idea of what they need/want to protect and what the products actually do. Given this, it might be good to build a list of the risks your organization can’t tolerate, then build a strategy for how to achieve the level of protection you need.


Paula Long

Paula Long is the CEO and co-founder of DataGravity. She previously co-founded storage provider EqualLogic, which was acquired by Dell for $1.4 billion in 2008. She remained at Dell as vice president of storage until 2010. Prior to EqualLogic, she served in engineering management positions at Allaire Corporation and oversaw the ClusterCATS product line at Bright Tiger Technologies. She is a graduate of Westfield State College.