Secure Messaging: Built on a Foundation of Trust
Len Gangi, CISA
17 October, 2009
“We must plan for freedom, and not only for security, if for no
other reason than that only freedom can make security secure.”
The Open Society and Its Enemies (1945)
Karl Raimund Popper (28 July 1902 – 17 September 1994)
History Often Repeats Itself
Before the Internet was commonplace, enterprise networks were protected by a
strategy that dates from the Middle Ages. Just as feudal lords shielded their castles
with moats and drawbridges, security administrators protected their networks by
limiting access to “trustworthy” individuals communicating over private lines behind
static firewalls. Both approaches spent their energy on keeping external threats from
piercing a reinforced, gated perimeter.
This presumed that valuable assets always stayed inside the secured perimeter and
that everything inside it could be trusted. The facts speak differently today: human
error, sabotage, policy circumvention and physical theft head the list of data-loss
events, and many of them involve “trusted” users and confidential data compromised
while outside the corporate castle and its feudal defences.
A Paradigm Shift
With the Internet having become a utility for businesses and individuals alike,
innovative forms of communications and commerce continue to proliferate at an
unprecedented rate. It is within this highly dynamic and robust environment that we
continuously labor over how best to balance the constructive use and protection of
confidential information, especially that which is transported and stored as email.
The key to building a business-enabled network is a strong foundation based upon
the elements of trust, integrity and privacy. These elements must be pervasive and
transparent, and should operate without confronting users with complex technical or
procedural security demands. Integrating them closely with a user’s daily tasks
minimizes both the perceived need and the ability to bypass essential safeguards.
Most importantly, the security of these foundation elements and the information that
they preserve must travel whenever and wherever protection is required.
The Internet has not only raised the importance of security, it has also brought about a
significant paradigm shift in what makes security secure.
Secure Messaging: Built on a Foundation of Trust
Author Reserves All Rights 2
The Current Environment
Although the well-accepted perimeter defense continues to have merit in any network
security architecture, businesses must increasingly extend information to remote
employees, partners and customers to be successful. In doing so, corporate data
becomes widely distributed across a diverse range of stationary and mobile computing
devices with significant storage and networking capabilities. More often than not,
these devices hold confidential information that is not under the direct control of the
business owner. Preserving the integrity and privacy of sensitive data spread across
such a landscape is an increasingly complex and growing information security
challenge: a significant management risk for any organization, and at the same time a
worthwhile and, in many cases, mandatory security mission.
The Need for Secure Messaging
In the paper-based world of business correspondence, companies rely upon a
number of guarantees for their transactions: confidentiality, that the contents remain
private; authenticity, that the document comes from the individual who signed it;
integrity, that the contents have not been modified since being signed; and non-
repudiation, that an individual cannot refute a signed transaction after the fact.
In electronic business communications these same guarantees remain important,
but must be delivered with far greater speed and sophistication than paper allows.
Following several high-profile events that drove the introduction and acceptance of a
range of information privacy, data protection and digital signature legislation*, the
very notion of what is secure and what is private has come under close scrutiny and
formal government regulation. Businesses worldwide now have a responsibility to
make the protection and integrity of their information and messaging content a priority.
* Sample references:
1) UETA (Uniform Electronic Transactions Act) – adopted into the laws of 47 US states and
three further US jurisdictions; the remaining states have enacted their own electronic
signature laws.
2) HIPAA (Health Insurance Portability and Accountability Act), enacted by the US Congress
in 1996.
3) GLBA (Gramm-Leach-Bliley Act), 12 November 1999.
4) European Union Directive on Electronic Signatures (1999/93/EC), 13 December 1999.
5) ESIGN Act (Electronic Signatures in Global and National Commerce Act), US federal law
as of 30 June 2000.
6) PIPEDA (Personal Information Protection and Electronic Documents Act), Canadian law
as of 13 April 2000.
7) Sarbanes-Oxley Act, US federal law as of 30 July 2002.
8) HITECH Act (Health Information Technology for Economic and Clinical Health Act), part of
the American Recovery and Reinvestment Act of 2009.
Where Complexity Originates
This white paper focuses on business email (messaging). Once a casual means of
inter-departmental correspondence between colleagues, email has become important
and ubiquitous precisely because it places very few limits on use, content or network
reach. It is relied upon for timely and accurate corporate information exchange,
supports numerous workflow applications, and is the platform of choice for a multitude
of commerce-enabled services that extend well beyond the enterprise control
boundary.
Recognizing that email can transport large and often un-monitored amounts of
confidential data, and that tampering with un-protected email communications is
relatively easy, organizations are urged to aggressively investigate and manage their
email-bound content.
This is especially important in highly regulated business environments where
numerous government mandates and email-centric court decisions continue to
(re)define corporate responsibilities. Significant legal and financial penalties have
been directly attributable to mismanaged information and email content, making it vital
for organizations to not only understand these issues and risks but to implement
solutions that mitigate their consequences.
Unfortunately, while there is a genuine need for email security, few organizations have
secure email infrastructures, usage policies and monitoring practices in place.
Foundation Elements of Security
When considering any type of business-enabled application or process, enterprises
should plan for the six essential foundation elements of security: Trust, Authentication,
Privacy, Integrity, Non-Repudiation and Ease of Use.
Trust
From a security administrator’s viewpoint, not all users are created equal. Each
member of an organization should be “trusted” only with access to information that has
been classified and authorized for use according to their functional role, management
status or other approved authorization criteria. For example, a message sent to a
business partner must not contain information classified for use only by the
company’s executive team.
Security administrators implement levels of trust through Role-Based Access Controls
(RBAC) and Group Policies, which are typically integrated with corporate directory
services (e.g. Active Directory, LDAP). In conjunction with Digital Rights Management
(DRM) and/or Data Leak Prevention (DLP) applications, the authorized level of access
required for the use of digitally protected and classified content can be enforced
regardless of location or recipient.
Applying this to secure email, Trust is the overall foundation element established
between the message sender and recipient(s) through an assured, recognizable and
verifiable “identity.” This can be accomplished through the use of identity-verified
digital client certificates issued by a recognized and reputable Certificate Authority
(CA). In secure email, Trust is supported by the elements of Authentication, Integrity
and Privacy, which are outlined in the next several paragraphs.
Authentication
In general, authentication is used to confirm the identity and authority of an individual
or device prior to granting access to an information or network resource.
Comprehensive and federated forms of multi-factor authentication (e.g. ID / password
supplemented by a digital client certificate or Token/PIN response) are often deployed
in enterprises, especially when remote access to sensitive information is provided to
employees, business partners or customers. Authentication solutions effectively
reduce the risk of information theft or misuse by enforcing access control and usage
authorization policies.
Applied to secure email, authentication confirms the identity of a message originator
and of the message recipient(s) through Public Key Infrastructure (PKI) digital client
certificates and S/MIME-capable email client software.
Authentication of the originator works in two steps. The recipient’s client first verifies
the digital signature on the message against the public key in the sender’s certificate.
It then tests the certificate itself: building a chain to a trusted Certificate Authority
(CA) and checking the certificate’s current status through the issuing CA’s Online
Certificate Status Protocol (OCSP) responder and/or Certificate Revocation List (CRL).
Email client software (e.g. Microsoft Office Outlook®) performs these tests
automatically and alerts the recipient if the chain cannot be built or the certificate has
expired or been revoked. A signature that passes both steps lets the recipient
authenticate a digitally signed message with assurance; a signature from an untrusted
or revoked certificate is not evidence of identity, however well it verifies mathematically.
In the other direction, confidentiality toward the intended recipient(s) is achieved
through public key encryption. An originator ensures that only the intended recipient
can read the message by encrypting it to the public key in the recipient’s certificate,
so that it can be deciphered only with the recipient’s private key. Strictly, this does not
authenticate the recipient to the sender; it guarantees that whoever holds the matching
private key is the only party able to read the message, and it is the CA’s verification of
the certificate holder’s identity that ties that key to the named person. Here again,
third-party issuance of certificates by a reputable CA gives a higher degree of
assurance in the authenticity of certificate holders. Working in tandem with the other
technologies (encryption and digital signatures) and services (e.g. CA issuance
practices), this foundation element provides protection throughout the entire email
creation, transmission, reception and storage process.
Privacy
Although email is an essential tool for increasing the productivity and efficiency of
employees, it’s susceptible to a wide range of threats – including interception by
malicious users. The transmission path over which email is routed and stored can be
an exceptionally open and easy invitation to eavesdropping and other malevolent
actions. As a result, privacy technologies are needed to ensure that messages are
only viewable and actionable by their intended recipient(s).
Email privacy is likewise established through encryption: the message and its
attachments are “scrambled” before sending and “deciphered” on reception, so the
content cannot be read at any point along its route. End-to-end (client-to-client)
encryption, rather than, or in addition to, server-to-server encryption, provides a
higher degree of privacy. Server-to-server encryption (such as TLS between mail
servers) protects only the hop between two servers and leaves the message in clear
text on every server and mailbox in which it rests, which matters when local network
intrusions and other insider threats are on the rise.
Secure email based on S/MIME (Secure/Multipurpose Internet Mail Extensions)
capable email clients and secure email certificates may be used on its own, but works
best within an overall enterprise PKI, which can use the same certificate for network
and application access control as well as for applying encryption and digital
signatures to office documents, folders and files on network and endpoint devices.
Many businesses also take advantage of the speed and economy of document
workflow processes that use certificate-based digital signatures for authoritative
approvals.
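An added example (Go, standard library only, not code from the original paper) of what end-to-end encryption looks like at the client, in the shape S/MIME uses: the body is encrypted once under a fresh content-encryption key with AES-256-GCM, and that key is wrapped separately, with RSA-OAEP, to each intended recipient’s public key, so one message can reach several recipients while nobody else can unwrap the key. The recipient names (bob, carol, mallory), their throw-away keys and the sample message are constructed for the example. The real wire format is CMS EnvelopedData with one RecipientInfo per recipient; the envelope type here is a simplified stand-in for it.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// check aborts on setup errors (key generation or sealing with a good key failing).
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// envelope has the shape of S/MIME enveloped data: the body is encrypted once under a
// fresh content-encryption key (CEK), and the CEK is encrypted separately to each
// recipient's public key, since RSA alone cannot encrypt a body of arbitrary size.
type envelope struct {
	wrappedKeys map[string][]byte // recipient name -> CEK encrypted with RSA-OAEP to that recipient
	nonce       []byte            // AES-GCM nonce, fresh for every message
	ciphertext  []byte            // AES-256-GCM output, authentication tag included
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts msg so that only the listed recipients can read it.
func seal(recipients map[string]*rsa.PublicKey, msg []byte) (*envelope, error) {
	buf := make([]byte, 32+12) // 256-bit CEK followed by the 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	cek, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	env := &envelope{wrappedKeys: map[string][]byte{}, nonce: nonce, ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	for name, pub := range recipients {
		if env.wrappedKeys[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil); err != nil {
			return nil, err
		}
	}
	return env, nil
}

// open is what a recipient's client does: unwrap the CEK addressed to it with its private
// key, then decrypt and authenticate the body. A wrong key or a modified body yields an error.
func open(name string, priv *rsa.PrivateKey, env *envelope) ([]byte, error) {
	wrapped, ok := env.wrappedKeys[name]
	if !ok {
		return nil, fmt.Errorf("message was not addressed to %q", name)
	}
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.nonce, env.ciphertext, nil)
}

type privacyResult struct {
	BobReads, CarolReads, MalloryFails bool
}

func demo() privacyResult {
	keys := map[string]*rsa.PrivateKey{} // throw-away keys for the example
	for _, name := range []string{"bob", "carol", "mallory"} {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		check(err)
		keys[name] = k
	}
	msg := []byte("Q3 forecast attached; do not forward outside finance.") // constructed sample
	env, err := seal(map[string]*rsa.PublicKey{"bob": &keys["bob"].PublicKey, "carol": &keys["carol"].PublicKey}, msg)
	check(err)
	bobPlain, bobErr := open("bob", keys["bob"], env)
	carolPlain, carolErr := open("carol", keys["carol"], env)
	_, malloryErr := open("bob", keys["mallory"], env) // Mallory intercepts Bob's copy
	return privacyResult{
		BobReads:     bobErr == nil && bytes.Equal(bobPlain, msg),
		CarolReads:   carolErr == nil && bytes.Equal(carolPlain, msg),
		MalloryFails: malloryErr != nil,
	}
}

func main() {
	fmt.Printf("%+v\n", demo())
}
```

Because the CEK is wrapped to each recipient’s public key rather than derived from anything the server knows, a mail server or relay along the route holds nothing that can open the body; that is what distinguishes this from hop-by-hop server-to-server encryption. A sender who wants to read their own Sent copy later must wrap the CEK to their own certificate as well.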
Integrity
One of the greatest strengths of electronic media is the ease with which content can
be created, altered and communicated. From a security standpoint, however, that
same ease can be a tremendous liability. Business transactions and relationships must
be built upon a foundation of trust wherein the originator and recipient can rely on the
transmitted information not having been altered since creation. Without integrity,
electronically conveyed media cannot be trusted and, in turn, business relationships
suffer.
An effective means to establish the integrity of an email message is the two-step
procedure of hashing and signing. A secure hash algorithm (for example SHA-256)
produces a fixed-length “hash” of the message content; the originator then signs that
hash with their private key. The recipient recomputes the hash of the message as
received and uses the originator’s public key to check that the signature matches it. If
the signature verifies against the freshly computed hash, the recipient can be
reasonably assured that the message has not been altered; if even one bit of the
message has changed, the hashes differ and verification fails.
Digital signatures confirm the integrity of secure email messages as well as the
originator’s identity. They can also be applied to most other forms of electronic media,
including Word documents, spreadsheets, graphics and other computer files, as a
means for a recipient (or the originator) to confirm that the content has not changed
since it was signed, approved or stored.
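The hash-then-sign procedure above, as an added Go example (standard library only, not code from the paper). Alice signs with SHA-256 and RSA PKCS#1 v1.5, the scheme S/MIME clients commonly use, and Bob verifies under her public key. The example also shows three ways verification fails in practice: the figure in the message is changed in transit, an attacker re-signs the altered message with his own key, and a mail gateway appends a disclaimer footer to the signed body. The keys, the names and the sample message are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// check aborts on setup errors (key generation or signing with a good key failing).
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// signMessage is the hash-then-sign step: SHA-256 over the message, then an RSA
// PKCS#1 v1.5 signature over that digest with the originator's private key.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyMessage recomputes the digest of the message as received and checks the
// signature with the claimed originator's public key. It is false for a modified
// message, a modified signature, or a signature made with any other key.
func verifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// integrityResult records what Bob sees when checking a message that claims to
// come from Alice. Keys are throw-away and the message is a constructed sample.
type integrityResult struct {
	Original      bool // untouched message under Alice's key: true
	Tampered      bool // one figure changed in transit, original signature kept: false
	Resigned      bool // Mallory signs the altered message with his own key: false
	GatewayFooter bool // a gateway appended a disclaimer to the signed body: false
}

func demo() integrityResult {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	mallory, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	msg := []byte("Approve payment of 50,000 EUR to supplier 4711 by Friday.")
	sig, err := signMessage(alice, msg)
	check(err)
	tampered := bytes.Replace(msg, []byte("50,000"), []byte("90,000"), 1)
	malSig, err := signMessage(mallory, tampered)
	check(err)
	withFooter := append(append([]byte{}, msg...), "\n-- Scanned by Example Corp mail gateway"...)
	return integrityResult{
		Original:      verifyMessage(&alice.PublicKey, msg, sig),
		Tampered:      verifyMessage(&alice.PublicKey, tampered, sig),
		Resigned:      verifyMessage(&alice.PublicKey, tampered, malSig),
		GatewayFooter: verifyMessage(&alice.PublicKey, withFooter, sig),
	}
}

func main() {
	fmt.Printf("%+v\n", demo())
}
```

The last case is worth noting when deploying S/MIME: the signature covers the exact bytes that were signed, so any gateway, archiver or list server that rewrites the body (disclaimers, footers, re-encoding) will make every signed message show as invalid to the recipient. Such rewriting has to be disabled for signed mail or applied outside the signed part.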
[Figure omitted; graphic licensed under Creative Commons Attribution-ShareAlike 3.0
(http://creativecommons.org/licenses/by-sa/3.0/)]
Non-Repudiation
Non-repudiation prevents an individual from refuting the content (obligation) of a
document or message that has been cryptographically encoded with their digital
signature.
The enforceability of non-repudiation for business transactions depends on many
technical, physical and legal factors that lie well beyond the scope of this white paper.
Collectively, however, the key security elements of authentication, privacy and
integrity bolster it. Two further factors are crucial to establishing an unencumbered
responsibility: the third-party validation by the CA of the individual to whom the
signature certificate was issued, and the security of the signer’s private key, the key
that corresponds to the public key in that certificate and that produces the digital
signature. If the private key can be copied or used by someone else, the signer can
plausibly deny having signed.
Similar to the Post Office, a Document Courier Service or Public Notary, there are
third-party eCommerce service providers that are beginning to manage and certify the
signature, transport integrity, receipt and opening of high-priority electronic
transactions. These services should begin to remove many of the legal concerns that
have delayed the benefits and enforceability of non-repudiation in electronic business
transactions.
Ease of Use
This last foundation element is sometimes overlooked, and can introduce significant
risk when not adequately designed. Organizations must not only develop sound
security measures, they must find ways to ensure consistent employee compliance.
Ease of use is necessary to prevent security applications from being willfully or
unintentionally circumvented. If users find security measures cumbersome and time-
consuming, they are likely to find ways to bypass them, putting the business at risk.
Organizations can facilitate consistent compliance through:
• Systematic Application – The solution should automatically enforce the security
policy, preventing human error, willful abandonment or malicious action. The more
transparent the security mechanism, the easier it is for end users and the more likely
they are to use it and be protected by it. Ideally, compliance with security policies
should not require users to read detailed manuals or follow elaborate procedures.
• Commonality – Strive to find and use security mechanisms that work across multiple
business applications. For example, the same digital client certificate can often be
used to secure email, to sign or encrypt documents and files, and to authenticate and
establish remote communications over a virtual private network. PKI was designed
with the security fundamentals of Trust, Authentication, Privacy, Integrity and
Non-Repudiation in mind; whether it also delivers Ease of Use depends on how
transparently it is integrated into the client software and the user’s daily tasks.
Bringing it All Together
Secure email is more than a security deployment intended to protect company assets;
its consistent use, and the benefits it brings, are essential for any business. To reduce
the risk (and liability) associated with continuously evolving threats and vulnerabilities,
prevention-based security infrastructures must be built upon a strong foundation
comprising the elements outlined in this paper.
Organizations spend significant effort and money implementing solutions “designed”
to increase enterprise security, but sometimes neglect the effort needed to consider
how a new technology must integrate with day-to-day user tasks. The evaluation and
benefits of any business application or process will always be improved by
incorporating user responsibilities and input during the formulation of requirements,
and throughout the assessment, implementation and monitoring of solutions. All of the
security and secure messaging technologies in the world will have little effect if they
lack the acceptance, awareness and monitoring mechanisms that complement their
purpose.
Begin by fully evaluating the various uses, applications and devices associated with
email, as well as the security classifications, destinations (logical & physical) and
entities (i.e. internal or external) involved with the information being conveyed. This
will allow you to create a “utilization matrix” to assess the impact and risks that could
result from any potential vulnerability or threat (e.g. loss, theft, exploitation) to your
business. This form of risk management planning is very useful in defining usage
policies that complement and reinforce the selection of available technologies.
Businesses must act to protect specific legal and operational responsibilities, as well
as the value of their continued relationships with partners and customers. Whether
secure messaging technologies are currently deployed in an enterprise environment
or not, organizations are urged to craft, communicate and enforce email policies. Be
sure that all usage dimensions are considered, and be fanatical about user awareness
and support. This measure, alone, can go a long way in preventing many related
threats from harming your business.
The Reality of a Secure Messaging Infrastructure
Email is a prolific and important enterprise application, one that requires careful
security and legal considerations. With email usage and content being a potential risk
to an enterprise, security must be purposefully designed and managed. Solutions and
policies must be economical, complementary, easy to use and easy to enforce if
critical information is to be kept secure.
Just as they are a critical, manageable and real requirement for any security
architecture, the foundation elements of Trust, Authentication, Privacy, Integrity, Non-
repudiation and Ease of Use are key business enablers.
“We must plan for freedom, and not only for security, if for no other
reason than that only freedom can make security secure.”
- Karl Popper
About the Author
Len Gangi has been awarded scientific degrees and certifications in Electronics
Engineering and Business Administration from New York University and
Queensborough College. Formally qualified as a Certified Information Systems Auditor
(CISA) by ISACA, and as an examiner for the National Quality Award (Malcolm
Baldrige) program, Len is an eCommerce services and security professional with
extensive business, product and quality management experience.
Comments and suggestions are welcome to be received via Len's LinkedIn profile at
http://www.linkedin.com/in/lengangi