
Security Built Upon a Foundation of Trust

Security is about freedom that can only be achieved through solutions built upon a foundation of trust.


Secure Messaging: Built on a Foundation of Trust
Len Gangi, CISA
17 October, 2009
"We must plan for freedom, and not only for security, if for no other reason than that only freedom can make security secure."
The Open Society and Its Enemies (1945), Karl Raimund Popper (28 July 1902 – 17 September 1994)

History Often Repeats Itself

Before the Internet was commonplace, enterprise networks were protected by a strategy developed during the Middle Ages. Just as feudal lords shielded their castles through the use of moats and drawbridges, security administrators protected their networks by limiting access to "trustworthy" individuals communicating over private lines with static firewalls. Both of these approaches focused their energy on preventing external threats from piercing reinforced and gated perimeters. Obviously, this incorrectly presumed that valuable assets were always inside the secured perimeter and that all internal sources could be trusted. Facts speak differently today, with human error, sabotage, policy circumvention and physical theft headlining the list of data loss events, many of them related to "trusted" users and confidential data compromised while outside of the corporate castle and its feudal defense.

A Paradigm Shift

With the Internet having become a utility for businesses and individuals alike, innovative forms of communications and commerce continue to proliferate at an unprecedented rate. It is within this highly dynamic and robust environment that we continuously labor over how best to balance the constructive use and protection of confidential information, especially that which is transported and stored as email. The key to building a business-enabled network is a strong foundation based upon the elements of trust, integrity and privacy. These elements must be pervasive and transparent, and should operate without confronting users with complex technical or procedural security demands. By closely integrating with a user's daily tasks we can minimize the perceived need or ability to bypass essential safeguards. Most importantly, the security of these foundation elements and the information that they preserve must travel whenever and wherever protection is required. The Internet has not only raised the importance of security, it has also brought about a significant paradigm shift in what makes security secure.

Secure Messaging: Built on a Foundation of Trust. Author Reserves All Rights.
The Current Environment

Although the well-accepted perimeter defense continues to have merit in any network security architecture, businesses must increasingly extend information to remote employees, partners and customers to be successful. In doing so, corporate data becomes widely distributed across a diverse range of stationary and mobile computing devices that have significant storage and networking capabilities. More often than not, these devices hold confidential information that is not under the direct control of the business owner. The integrity and privacy of sensitive data deployed across this type of landscape creates an increasingly complex and spiraling information security challenge. To say the least, this is a significant management risk for any organization, just as it is a very worthwhile and, in many cases, mandatory security mission.

The Need for Secure Messaging

In the paper-based world of business correspondence, companies rely upon a number of guarantees for their transactions: confidentiality, that the contents remain private; authenticity, that the document comes from the individual who signed it; integrity, that the contents have not been modified since being signed; and non-repudiation, that an individual cannot refute a signed transaction after the fact. In electronic business communications these same guarantees remain important, but must operate with much greater speed and sophistication than paper. As a result of several high-profile world events underlying the introduction and acceptance of numerous pieces of Information Privacy, Protection and Digital Signature legislation*, the very notion of what is secure and what is private has fallen under very close scrutiny and formal government regulation. Businesses worldwide now have a responsibility to make the protection and integrity of their information and messaging content a priority.

* Sample References:
1) UETA (Unified Electronic Transactions Act), currently adopted into the laws of 47 US States and 3 US Provinces. Remaining States have individually created electronic signature laws.
2) Health Insurance Portability and Accountability Act (HIPAA), enacted by the U.S. Congress in 1996.
3) Gramm-Leach-Bliley Act (GLBA), 12 November, 1999.
4) European Union Directive on Electronic Signatures, 13 December, 1999.
5) ESIGN Act (Electronic Signatures in Global and National Commerce Act), US Federal Law as of 30 June, 2000.
6) PIPEDA (Personal Information Protection and Electronic Documents Act), Canadian Law as of 13 April, 2000.
7) Sarbanes-Oxley Act, US Federal Law as of 30 July, 2002.
8) HITECH Act (Health Information Technology for Economic and Clinical Health Act), part of the American Recovery and Reinvestment Act of 2009.
Where Complexity Originates

To focus this white paper on business email (messaging), once a casual means of inter-departmental correspondence between colleagues, we must first acknowledge that its importance and ubiquity rest on email having very few limitations on use, content or network reach. Email is relied upon for timely and accurate corporate information exchange, supports numerous workflow applications, and is the platform of choice for a multitude of commerce-enabled services that extend well beyond the enterprise control boundary. Recognizing that email can transport large and often un-monitored amounts of confidential data, and that tampering with un-protected email communications is relatively easy, organizations are urged to aggressively investigate and manage their email-bound content. This is especially important in highly regulated business environments where numerous government mandates and email-centric court decisions continue to (re)define corporate responsibilities. Significant legal and financial penalties have been directly attributable to mismanaged information and email content, making it vital for organizations not only to understand these issues and risks but to implement solutions that mitigate their consequences. Unfortunately, while there is a genuine need for email security, few organizations have secure email infrastructures, usage policies and monitoring practices in place.

Foundation Elements of Security

When considering any type of business-enabled application or process, enterprises should plan for the six essential foundation elements of security: Trust, Authentication, Privacy, Integrity, Non-Repudiation and Ease of Use.

Trust

From a security administrator's viewpoint, not all users are created equal. Each member of an organization should only be "trusted" with access to information that has been classified and authorized for use according to their specific functional role, management status or other approved authorization criteria. For example, a message sent to a business partner must not contain information classified for use only by the company's executive team.
Security administrators implement levels of trust through Role-Based Access Controls (RBAC) and Group Policies, which are typically integrated with corporate directory services (e.g. Active Directory, LDAP). In conjunction with Digital Rights Management (DRM) and/or Data Leak Prevention (DLP) applications, the authorized level of access required for the use of digitally protected and classified content can be enforced regardless of location or recipient.

Applying this to secure email, Trust is the overall foundation element established between the message sender and recipient(s) through an assured, recognizable and verifiable "identity." This can be accomplished through the use of identity-verified digital client certificates issued by a recognized and reputable Certificate Authority (CA). In secure email, Trust is supported by the elements of Authentication, Integrity and Privacy, which are outlined in the next several paragraphs.

Authentication

In general, authentication is used to confirm the identity and authority of an individual or device prior to granting access to an information or network resource. Comprehensive and federated forms of multi-factor authentication (e.g. ID / password supplemented by a digital client certificate or Token/PIN response) are often deployed in enterprises, especially when remote access to sensitive information is provided to employees, business partners or customers. Authentication solutions effectively reduce the risk of information theft or misuse by enforcing access control and usage authorization policies.

Authentication, as it may be applied to secure email, confirms the identity of a message originator and message recipient(s) through the use of Public Key Infrastructure (PKI) digital client certificates and S/MIME-capable email client software. Email authentication of the originator works by allowing the message recipient to test the validity and identity of the applied digital certificate through the issuing Certificate Authority's (CA) Online Certificate Status Protocol (OCSP) and/or Certificate Revocation List (CRL). Email client software (e.g. Microsoft Office Outlook®) automatically performs this test, and will alert the recipient if the certificate status test fails. This function enables a recipient to authenticate a digitally signed message with assurance.

In reverse, authentication and access control of the intended recipient(s) is performed through the use of public key encryption. An originator can ensure that only the intended recipient will be able to read the message by applying encryption that is uniquely decipherable by the recipient's private key. Here again, the third-party issuance of certificates by a reputable CA represents a higher degree of assurance in the authenticity of certificate holders. Working in tandem with other technologies (i.e. encryption and digital signatures) and services (e.g. CA issuance practices), this foundation element provides comprehensive protection throughout the entire email creation, transmission, reception and storage process.

Privacy

Although email is an essential tool for increasing the productivity and efficiency of employees, it is susceptible to a wide range of threats, including interception by malicious users. The transmission path over which email is routed and stored can be an exceptionally open and easy invitation to eavesdropping and other malevolent actions. As a result, privacy technologies are needed to ensure that messages are only viewable and actionable by their intended recipient(s).

Email privacy protection is also established through encryption, wherein the message and attachments are "scrambled" before sending and "deciphered" upon reception. This ensures that the message cannot be easily decoded at any point along its route. End-to-end (client-to-client) email encryption, rather than or in addition to server-to-server encryption, provides a higher degree of privacy, especially when local network intrusions and other insider threats are on the rise. Secure email based upon S/MIME (Secure / Multipurpose Internet Mail Extensions) capable email clients and secure email certificates may be used independently, but works best within an overall enterprise PKI, which can use the same certificate for network and application access controls as well as for applying encryption and digital signatures to office documents, folders and files on network and endpoint devices. Many businesses also take advantage of the speed and economy of document workflow processes using certificate-based digital signatures for authoritative approvals.

Integrity

One of the greatest strengths of electronic media is the ease with which content can be created, altered and communicated. However, when viewed from a security standpoint, these strengths can be a tremendous liability. Business transactions and relationships must be built upon a foundation of trust wherein the originator and recipient rely upon the transmitted information as not having been altered since creation. Without integrity, electronically conveyed media cannot be trusted and, in turn, business relationships can suffer.

An effective means to establish the integrity of an email message is through a cryptographic checksum procedure called hashing or signing. A secure algorithm is used to create a unique "hash" of the message content that is then encrypted with the originator's private key. The signed hash can only be deciphered and validated by a recipient using the originator's public key. If the hash signature successfully decodes and matches the checksum recomputed from the received message, the recipient can be reasonably assured that the message has not been altered. Digital signatures confirm the integrity of secure email messages as well as the originator's identity. Digital signatures can also be applied to most other forms of electronic media, including Word documents, spreadsheets, graphics and other types of computer files, as a means for a recipient (or originator) to confirm their integrity since being signed, approved or stored.

*Graphic licensed according to Creative Commons Attribution ShareAlike 3.0 (
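The sign-and-verify flow described in the Authentication and Integrity sections (hash the content, encrypt the hash with the originator's private key, decrypt it with the public key and compare against a fresh hash), as an added, stdlib-only illustration that is not from the white paper. It uses textbook RSA without padding so the mechanism is visible; real S/MIME uses padded signature schemes bound to X.509 certificates. The key sizes, message and impostor key are constructed for the demo.

```python
"""Added illustration, not from the white paper: the hash-then-sign model described
above, stdlib only. Textbook RSA without padding over a SHA-256 digest; real S/MIME
uses padded signatures (PKCS#1 v1.5 or RSA-PSS) bound to X.509 certificates."""
import hashlib
import random

random.seed(2009)  # reproducible demo keys; use a CSPRNG for real keys

def is_probable_prime(n, rounds=32):  # Miller-Rabin; callers pass odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full-length
        if is_probable_prime(c):
            return c

def keygen(bits=512):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def message_hash(message):
    """The message "hash": SHA-256 digest as an integer (always < n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private_key, message):
    """Originator: encrypt the hash with the private key."""
    d, n = private_key
    return pow(message_hash(message), d, n)

def verify(public_key, message, signature):
    """Recipient: decrypt with the public key and compare to a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == message_hash(message)

def demo():
    """Constructed sample: intact message, altered copy, and an impostor's key."""
    pub, priv = keygen()
    impostor_pub, _ = keygen()
    message = b"Approve payment of $10,000 to vendor 4711"
    sig = sign(priv, message)
    return (verify(pub, message, sig),          # True
            verify(pub, message + b"0", sig),   # False: content altered
            verify(impostor_pub, message, sig)) # False: not this identity's key
```

The second and third results show the two failures the paper's recipient-side check is meant to catch: a message altered in transit, and a signature that does not belong to the claimed originator's certificate.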
Non-Repudiation

Non-repudiation prevents an individual from refuting the content (obligation) of a document or message that has been cryptographically encoded with their digital signature. Far beyond the scope of this white paper, the enforceability of non-repudiation for business transactions is dependent upon many technical, physical and legal factors. Collectively, however, the key security elements of authentication, privacy and integrity can bolster its enforceability. Further, the authenticity asserted by a third-party validation of the individual to whom a signature certificate has been issued, as well as the security of the private key paired with the public certificate from which the digital signature originates, are all crucial to establishing an unencumbered responsibility. Similar to the Post Office, a Document Courier Service or Public Notary, there are third-party eCommerce service providers that are beginning to manage and certify the signature, transport integrity, receipt and opening of high-priority electronic transactions. These services should begin to remove many of the legal concerns that have delayed the benefits and enforceability of non-repudiation in electronic business transactions.

Ease of Use

This last foundation element is sometimes overlooked, and can introduce significant risk when not adequately designed. Organizations must not only develop sound security measures, they must find ways to ensure consistent employee compliance. Ease of use is necessary to prevent security applications from being willfully or unintentionally circumvented. If users find security measures cumbersome and time-consuming, they are likely to find ways to bypass them, thereby putting your business at risk. Organizations can facilitate consistent compliance through:

• Systematic Application – The solution should automatically enforce the security policy, preventing human error, willful abandonment or malicious action. The more transparent the security mechanism, the easier it is for end-users, and the more likely they are to use and be protected by it. Ideally, compliance with security policies should eliminate the need for users to read detailed manuals and follow elaborate procedures.
• Commonality – Strive to find and use security mechanisms that can work across multiple business applications. For example, you can often use the same digital client certificate whether you want to secure email, sign or encrypt documents or files, or authenticate and establish remote communications over a virtual private network. PKI solutions were designed with all of the security fundamentals (Trust, Authentication, Privacy, Integrity, Non-Repudiation and Ease of Use) in mind.

Bringing it All Together

Beyond being a security deployment intended to protect company assets, the mandatory use and benefits derived from secure email are essential for all businesses. To reduce the level of risk (liability) associated with continuously evolving threats and vulnerabilities, prevention-based security infrastructures must be built upon a strong foundation comprised of the elements outlined in this paper. Organizations spend significant amounts of effort and money on implementing solutions "designed" to increase enterprise security, but sometimes neglect the effort necessary to consider how a new technology must integrate with day-to-day user tasks. The evaluation and benefits of any business application or process will always be improved by incorporating user responsibilities and input during the formulation of requirements, and throughout the assessment, implementation and monitoring of solutions. All of the security and secure messaging technologies in the world will have little effect if they lack acceptance, awareness and monitoring mechanisms to complement their purpose.

Begin by fully evaluating the various uses, applications and devices associated with email, as well as the security classifications, destinations (logical & physical) and entities (i.e. internal or external) involved with the information being conveyed. This will allow you to create a "utilization matrix" to assess the impact and risks that could result from any potential vulnerability or threat (e.g. loss, theft, exploitation) to your business. This form of risk management planning is very useful in defining usage policies that complement and reinforce the selection of available technologies. Businesses must act to protect specific legal and operational responsibilities, as well as the value of their continued relationships with partners and customers. Whether secure messaging technologies are currently deployed in an enterprise environment or not, organizations are urged to craft, communicate and enforce email policies. Be sure that all usage dimensions are considered, and be fanatical about user awareness and support. This measure, alone, can go a long way in preventing many related threats from harming your business.

The Reality of a Secure Messaging Infrastructure

Email is a prolific and important enterprise application, one that requires careful security and legal considerations. With email usage and content being a potential risk to an enterprise, security must be purposefully designed and managed. Solutions and policies must be economical, complementary, easy to use and easy to enforce if critical information is to be kept secure. Just as they are a critical, manageable and real requirement for any security architecture, the foundation elements of Trust, Authentication, Privacy, Integrity, Non-repudiation and Ease of Use are key business enablers.

"We must plan for freedom, and not only for security, if for no other reason than that only freedom can make security secure." - Karl Popper

About the Author

Len Gangi has been awarded scientific degrees and certifications in Electronics Engineering and Business Administration from New York University and Queensborough College. Formally qualified as a Certified Information Systems Auditor (CISA) by ISACA, and as an examiner for the National Quality Award (Malcolm Baldrige) program, Len is an eCommerce services and security professional with extensive business, product and quality management experience. Comments and suggestions are welcome to be received via Len's LinkedIn profile at