Applying Military Insights To Enterprise Data Security


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Applying Military Insights To Enterprise Data Security

  1. 1. Applying military insights to enterprise data security: the application of time-tested milita... Page 1 of 4 Home | About Us AccessMyLibrary Browse C Computer Technology Review JUL-04 Applying military insights to enterprise data security: the application of time-tested military approaches can help address evolving computer security threats for enterprises and government.(Disaster Recovery & Backup/Restore) COPYRIGHT 2004 West World Productions, Inc. Applying military insights to enterprise data security: the application of time-tested military approaches can help address evolving computer security threats for enterprises and government.(Disaster Recovery & Backup/Restore) Publication: Computer Technology Review Publication Date: 01-JUL-04 Author: Brown, Kevin Ads by Google PDF to Image Conversion Convert PDF to Bitmap TIFF, JPEG, PNG, BMP, RAW, etc. Car Rental - Avis Enjoy Faster Reservations & Rentals Lowest Mileage Cars, Special Offers Free IT Policies Info Browse Our Technology & IT Articles Online. Subscribe to Weekly Report! Business Continuity Plan BCP/DRP Word Template $389 189 pgs CFO says quot;This saved our companyquot;! Email this article | Print this article COPYRIGHT 2004 West World Productions, Inc. Over the centuries, military and intelligence organizations have developed sophisticated doctrines and procedures relating to physical and information security. These doctrines address a range of concerns including ambush, spies, maneuver, counter- intelligence, mutiny and force protection. Today's enterprises and government agencies have migrated to highly networked computing systems, with nearly all critical functions reliant on computing resources. This evolution has delivered higher productivity, but at the same time has created dramatically higher exposure to electronic attacks. Concern over information assurance has never been higher, and the range of acknowledged threats is growing: disgruntled insiders, viruses/ worms, corporate espionage, script kiddies, cyberterrorism, and information warfare in conflicts of the future. In many senses, computer security already resembles a guerrilla war. Today, largely invisible enemies launch daily attacks on nearly every major corporation and government agency, and rapidly adapt their tactics to address countermeasures. This article highlights a number of time-tested military principles that can be applied by corporations and other organizations to prepare for such electronic warfare. MULTI-LEVEL SECURITY: Intelligence organizations use MLS to manage and streamline access to data. By classifying each piece of data, and establishing the related levels of trust among individuals (e.g., unclassified, secret, top secret), these organizations balance 8/18/2008
  2. 2. Applying military insights to enterprise data security: the application of time-tested milita... Page 2 of 4 risk with speed of information sharing. Typically, civilian organizations lack the same discipline around information sharing. For organizations that deal with sensitive or regulated data, a more structured approach to assessing trust and granting access can be used to more tightly manage risk. COMPARTMENTALIZATION: This principle is reflected in nearly every aspect of military organizations. For example, a captured special ops team does not know the locations of other units, in order to minimize risk. Often, analysts and planners have access to only a subset of the quot;whole picturequot; and, similarly, a submarine uses physical compartments to contain the damage from a hull breach. With the move towards aggregated and networked storage, non-military organizations are increasingly at risk of massive breaches. In fact, a single breach of networked storage can yield terabytes of data and in many cases can be executed without detection. By using physical or cryptographic compartmentalization, organizations can reduce the exposure of any single breach. Typical approaches include compartmenting information by functional area (Finance, Engineering, Executive), by business unit, or by customer. NEED-TO-KNOW: Military planners understand that the risk of leaks increases exponentially with the number of people who have information. Accordingly, sensitive data is distributed to only those who need it, and access to data is documented and audited. According to the FBI, 50%-80% of electronic attacks originate inside the firewall. Even though the vast majority of employees are honest and trust-worthy, a single hostile individual can inflict massive damage. Instead of starting with the assumption that all data should flow freely among employees, organizations should invest in processes and systems to manage access to sensitive data, and ensure accountability. Fine-grain access controls can be used to provide flexible access to the data without disrupting user workflow or applications. [ILLUSTRATION OMITTED] CRYPTOGRAPHY: As early as the Roman Empire, military organizations have used cryptography to protect sensitive data. Traditionally, cryptography was applied primarily to communications and data in flight; increasingly, sensitive data at rest is being protected with cryptography. For highly networked environments facing a variety of external and internal threats, cryptographic security is a necessity. In today's networks, the volume of data in transit (megabytes) is dwarfed by the volume of data in storage (terabytes). Computer security experts increasingly recommend encryption for protecting stored data. DEFENSE IN DEPTH: Realizing that any single layer of defense can be defeated, military and intelligence security experts typically deploy layered defense strategies. In light of the growing insider threat, and the growing number of holes in the network perimeter (VPNs, contractors, partner networks), enterprises can no longer assume that their firewall or intrusion detection system is sufficient. Critical data and systems must be compartmentalized and protected within the perimeter. This is a challenging proposition since certain insiders, typically IT administrators, enjoy quot;super-userquot; privileges and unlimited access to data and systems. Organizations should closely review their infrastructure and implement security in layers, ensuring that sensitive information is fully protected. CONCENTRATION OF FLOW: Military checkpoints and border crossings funnel all traffic through aggregated control points. These locations typically have a concentration of security forces, and the ability to authenticate and document all traffic. Simplicity equals security. Many system vulnerabilities today stem from complexity; administrators cannot watch all of the different attack vectors. Security approaches that can simplify the security model and close down attack vectors can reduce an organization's risk of attack, while improving the chances of catching the attacker. Best case scenario: one way in, one way out. ROLE SEPARATION: Many military procedures include checks and balances among multiple individuals to ensure that no single individual can sabotage or usurp the mission of the organization. Critical functions such as nuclear weapons command or air strike operations require multiple people in different functions to concur and approve an action. Organizations with sensitive data may wish to eliminate single points of vulnerability, but many security managers today find that they do not have the tools to extend security policies into the storage infrastructure. Implementing role separation can help. For example, an IT organization may establish separate roles for security administrators and 8/18/2008
  3. 3. Applying military insights to enterprise data security: the application of time-tested milita... Page 3 of 4 system administrators. Access to sensitive customer data, or sensitive administrative changes to systems, should require approval from multiple functional managers. TWO-MAN RULE: This is a corollary to the Role Separation doctrine. For critical operations, two individuals must exercise authority to act. The classic example: nuclear silo operators turning two keys simultaneously to launch a missile. Critical systems should never be designed with single points of failure or vulnerability. For sensitive operations, such as accessing archived data or recovery of failed systems, a quorum of trusted employees can be used to ensure that no individual can defeat security. TWO-FACTOR AUTHENTICATION: Access to secure facilities almost always requires both knowledge (what you know, e.g. passwords) and official identification (what you have). Increasingly, token-based or biometric systems (who you are) are used to prevent forgery of credentials. For sensitive systems, traditional username/password mechanisms are too weak. Humans are simply not good at choosing strong passwords, and there are many well-known instances of this sort of attack. In the case of computer systems, administrative functions are the most sensitive, because they typically enjoy access to all data and security measures. Implementing two-factor authentication methods can significantly reduce the possibility of common spoofing attacks. KEY ROTATION: Physical and cryptographic keys are regularly rotated to limit the duration of exposure in case of a breach. Following a confirmed or suspected breach, keys can be instantly revoked or invalidated. Enterprise and government security systems must have the infrastructure to regularly or instantly rotate keys, including both physical tokens and electronic or cryptographic keys. This infrastructure includes mechanisms for cataloguing the database of keys needed to access archived data. KILL-SWITCH: In military practice, it is common to protect systems that can be physically breached or overrun with some type of kill-switch mechanism to instantly destroy sensitive data or technology. The U.S. spy plane that was forced to land in China provides a good example of the need for electronic kill-switch capabilities. Computers and storage systems that are physically insecure pose a difficult challenge to enterprises as well. Even the best firewall settings are irrelevant if an attacker can simply remove terabytes of cleartext data on disk drives. For physically insecure systems, it is advisable to make the default state of data secure, using encryption. Smart cards and cryptographic keys can be destroyed much more quickly and reliably than terabytes of cleartext data. DOCUMENTATION AND AUDITING: Military organizations are notorious for extensive paperwork and documentation. However, when dealing with sensitive information that could cost lives or lose a war, this layer of accountability and deterrent is a smart investment. Organizations must find ways to automate and harden their systems that track access to sensitive data. In the case of typical Unix and Windows systems, electronic logging and auditing functions are easily defeated by any user with quot;rootquot; or administrator privileges. Secure logging and auditing systems that are tamper-resistant and cryptographically signed add a layer of deterrent on top of actual security. Organizational Implications Security-conscious organizations must create processes to constantly evaluate systems, evolving attack tactics, and overall risk profile. Several practical implications emerge: * Designate a quot;Chief Security Officerquot; that has the training and resources to manage security on an ongoing basis. Security is a process, not a one-time project. * For individual operating units, designate a trusted quot;security administratorquot; to manage sensitive systems that protect the overall organization. For smaller organizations, this role may overlap with other responsibilities, but ideally this role separation can create checks and balances for administrative staff. Use strong authentication to ensure the integrity of this role separation. * Design systems that can shield sensitive data from administrators. In light of the growing insider threat, and the almost unlimited system privileges that root users enjoy, this is a major exposure point for every organization. 8/18/2008
  4. 4. Applying military insights to enterprise data security: the application of time-tested milita... Page 4 of 4 Centuries of experience, high stakes, and organizational discipline have helped military and intelligence organizations create sophisticated security doctrines. The design and execution of these doctrines is never perfect, but they nonetheless hold valuable lessons for organizations that are increasingly sensitized to the importance of security. Through a combination of strategy, process, and systems, civilian organizations can use these lessons to make profound improvements in their security posture. [c]2004 Decru, Inc. Used by permission. Kevin Brown is vice president of marketing at Decru. Inc. (Redwood City, CA) More Articles from Computer Technology Review Continuous data access: enterprise-level high availability using iSCSI... July 01, 2004 SAS: now and in the future.(Connectivity)(Serial Attached SCSI)(Panel ... July 01, 2004 Storage infrastructure requires defense in depth.(Disaster Recovery & ... July 01, 2004 The cost benefits of a SAN: an analysis of total cost of ownership (TC... July 01, 2004 © 2008 Gale, a part of Cengage Learning | All Rights Reserved | About this Service | About The Gale Group, a part of Cengage Learning Privacy Policy | Site Map | Content Licensing | Contact Us | Link to us Other Gale sites: Books & Authors | Goliath | | WiseTo Social Issues 8/18/2008