Safeguarding the Enterprise


Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.

Safeguarding the Enterprise: a new approach
Sanjay Sahay

Introduction

Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.

Facts & Challenges

Research shows that 55% of breaches require months to years to contain (Verizon 2010 Data Breach report) and that 16% of breaches are discovered via active and deliberate action. Only 24% of APT malware is detected by an anti-virus solution (Mandiant 2010). Logs are at the heart of monitoring, and use of logs for the right purpose and in the right direction is immensely useful. Mining of logs throws up data which the professional can make meaning of. The signs are there; we just need to get better at recognizing them. This is the challenge of safeguarding the enterprise. "We watch these attackers and we know them. Some are very fast moving…, if you lose track of them in your system, you can lose them for months if not forever." The impact of damage cannot be gauged at a later date, and the real impact would remain unknown forever. This brings us to the primary question of why safeguard the enterprise. The enterprise has to be safeguarded primarily for two reasons: the first being physical security, since it cannot exist in a vacuum, and the second being the safeguarding of the data.

Structure

During the course of this article I will take you through my definition of a safeguarded enterprise, the new approach – Gartner White Paper, goals, security risks and key success factors, security architecture, data center, connectivity and application, the application data security life cycle, security information and event management, single sign on, the future – cloud computing, and the final thoughts based on the discussion gone through in this article.
What is a safeguarded enterprise

A Safeguarded Enterprise is the sum total of a clear-cut perception, appropriate/integrated planning, documentation, meticulous execution and dynamic/robust maintenance of enterprise security policy at the awareness, attitudinal, physical, systems, processes, application and data dimensions throughout the enterprise, creating a near fail-safe enterprise.

Silo

Silos have ruled the world till we realized what a silo is and the way it feeds like a termite on a system which is an integrated system in name only. So was the case of security in the Enterprise Business Architecture. Business, information and technology (BIT) were the three components. The new approach emanates from a Gartner White Paper in the year 2006 titled 'Incorporating Security into the Enterprise Architecture Process'. This led to the creation of the Enterprise Information Security Architecture with four critical components: business, information, technology and security (BITS). BIT changed to BITS and security became a design component itself.

[Diagram: Enterprise Information Security Architecture, with four components: Business Architecture, Information Architecture, Technology Architecture and Security Architecture]
In the midst of the clamor for a fail-safe data regime, which would nonetheless be a mirage, the importance of physical security should not be diluted. My visit to Indian IT companies in Bangalore has helped me confirm my belief that physical security stands at par with data security, though the two are distinctly different thought processes, are different in execution and would remain complementary for all times to come. 9/11 has been a watershed in modern human history; the location of the Taliban attack, Ground Zero as it is called, was a rubble of what was the best of the companies in the world housed in World Trade Center towers 1 & 2. Come what may, physical security will always count, whether on land, in air or on water. This does not in any way bring down the importance of the Disaster Recovery process of our state-of-the-art data centers, which were able to retrieve nearly all the data which was physically located on the servers and computer systems in the two ill-fated buildings.

Goals

The goal of Enterprise Information Security Architecture is to provide a structure that is coherent and cohesive. As the business motive is predominant in a business enterprise, the business-to-security alignment is critical. Any disconnect would be critical to profitability and at times to the existence of the enterprise itself. The details ought to be neatly spelt out, top down, which should be synchronous in itself and synergize with the business strategy. At the end of the day, this approach helps establish a common language for information, for its free flow, clarity of communication and a timely and effective response mechanism for information security within the integrated enterprise.

Risks

The common risks which the enterprise faces today are all too well known. They can broadly be summarized as below:

• Email attachments
• VPN tunnel vulnerabilities
• Blended attacks
• Diversionary tactics
• Downloads from websites
• Supply chain and partners added to the network
• Microsoft's SOAP
• Renaming documents
• Peer-to-peer applications
• Music and video browsers

Key Success Factors

Awareness of the impending danger is the initiation of diagnosis, and objective diagnosis can only lead to objective treatment and maintenance of a healthy enterprise, both from the point of view of physical and of data security. Security awareness in all its dimensions creates an environment where all success factors fall in place like a jigsaw puzzle: the people, the processes and the technology. On the security awareness human platform sit the two main technical components of Network Security and Application Security. Operating system security, patch and AV management and SIEM are the three components of the final layer, which can be termed the operating, functional and analytical layer.

Security Architecture

The key success factor is the synergy of People, Processes and Technology, creating a seamless security architecture which is optimally functional and has the capability to propel the enterprise to the next level. The people part comprises user awareness, guidance, administration and effective monitoring of the system. The processes part comprises policies, standards, guidelines and audit capabilities. Last, and the most important component in a technology-driven world, is technology itself, manifested by the use of IPS, firewall, AV, DLP and SIEM.

Defense in Depth

"Defense in Depth" is a concept used to describe layers of defense strategies. The components at each layer work in tandem to provide one cohesive security mechanism. This layered approach also helps localize the impact if one element of the mechanism is compromised. The defense-in-depth layers are concentric circles, beginning with the Data at the bull's-eye, or innermost circle, and moving outwards. The circles from the innermost to the outermost are: data, application, host, internal network, perimeter, physical, and policies, procedures and awareness.
At the Core

Data Center, Connectivity and the Application are at the core of enterprise security. The main purpose of a data center is running the applications that handle the core business and the operational data of the organization. Secure application usage is the key to the creation of a secure enterprise. Secure connectivity is the backbone. The Karnataka State Police broadband network is an intranet named KSPWAN, which is a combination of 39 2 Mbps MPLS leased lines for big offices, 1400 512 Kbps VPNoBB connections covering all police stations and small offices, and an 8 Mbps internet leased line with an aggregation bandwidth of 32 Mbps, working as a single network of 5000 computers across the state working out of a single server located at the KSP Data Center. The choice of intranet over internet is the first decision towards the security of the enterprise, which is slowly becoming the norm in enterprises across the globe.
[Diagram: KSP Connectivity]

Application/s are at the heart of the enterprise. An ERP created for the enterprise aligns to all its tasks and activities and also takes care of all the staff functions which run co-terminus with the business functions. A secure ERP on an intranet is what we are all heading for.

The Application Data Security Lifecycle (ADSL)

[Diagram: The Application Data Security Lifecycle, a cycle of Assess, Set Policies/Controls, Monitor/Enforce and Measure]
The diagram clearly elucidates the role of the different components of the ADSL. The lifecycle, as is the case with any concept and process, starts with the assessment, encapsulating the configuration/usage of servers and data, testing configuration, evaluating the inherent risks and also assessing how and by whom the data and applications are used. Setting policies and controls is the subsequent task. The policies should be automatically created considering the right mix of business and security considerations, with the flexibility to adapt to user changes and support for granular policies and controls. Monitoring and enforcing is more important than creating the policies itself. Separation of duties should be ensured simultaneously with user accountability. The transaction details should be recorded in a comprehensive manner, and alerts and blocks should be resorted to in real time. Measure is a tool, a utility which provides the appropriate usage, levels of effectiveness and the depth of the impact of the system put in place, conducted by way of built-in and custom reports, roll-up and drill-down data, security event analysis and the compliance workflow.

Security Information & Event Management (SIEM)

SIEM, an intelligence platform, helps safeguard the business by giving complete visibility into the activities across the IT infrastructure. It fulfills functionality which would not emanate from single activity logs; without this software system no correlation can be mapped or understood, leave aside taking any corrective action. Logs are the cornerstone of all activities, and making meaning of the logs as per our requirements is the real professional tool. The functionalities attended to by this software are asset discovery, threat detection, vulnerability assessment, event collection, correlation, event management and log storage. The SIEM capabilities comprise data aggregation, correlation, alerting, dashboards, compliance and retention.
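The article's point that "no correlation can be mapped" from single activity logs is easiest to see with a concrete rule. The following is an added example, not code from the article or from any SIEM product: it takes a handful of constructed syslog-style authentication lines (the hosts, users and addresses are made up), performs the event collection step by normalising them into events, and then runs one correlation rule across hosts. A single host's log shows only a few failures; only when events from several hosts are aggregated by source address does the pattern "several failures in a short window, then a success from the same source" emerge and raise an alert. The log format, the threshold and the window are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from the article). Syslog-like format:
# "<timestamp> <host> sshd: <Failed|Accepted> password for <user> from <ip>"
SAMPLE_LOGS = """\
2024-03-01T10:00:01 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:04 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09 db01 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:15 app02 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:21 app02 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00 web01 sshd: Failed password for bob from 198.51.100.2
2024-03-01T10:30:00 web01 sshd: Accepted password for alice from 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_log_line(line):
    """Normalise one raw line into an event dict; None for lines the rule does not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def collect_events(raw_text):
    """Event collection step: parse every line, dropping unparseable ones."""
    return [ev for ev in (parse_log_line(l) for l in raw_text.splitlines()) if ev]


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Correlation rule (assumed for this example): a source IP with at least
    `threshold` failed logins inside `window`, on any hosts, followed by an
    Accepted login from the same IP raises one alert. Returns a list of alerts."""
    failures = defaultdict(list)  # ip -> [(timestamp, host)] of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["outcome"] == "Failed":
            failures[ip].append((ev["ts"], ev["host"]))
            continue
        # Accepted login: look back only at failures that fall inside the window
        recent = [(t, h) for t, h in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "auth_failures_then_success",
                "ip": ip,
                "user": ev["user"],
                "host": ev["host"],
                "failures": len(recent),
                "hosts_targeted": sorted({h for _, h in recent}),
                "at": ev["ts"].isoformat(),
            })
            failures[ip] = []  # one burst raises one alert, not one per later success
    return alerts


def run_demo():
    """Run collection and correlation over the constructed sample; returns the alerts."""
    return correlate(collect_events(SAMPLE_LOGS))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On the sample, the failures against web01, db01 and app02 are individually unremarkable, but grouped by source address they exceed the threshold before the accepted login on app02, so one alert is produced naming all three targeted hosts; the lone failure from the second address and the clean login from the third raise nothing. In a real deployment the same rule would read from the SIEM's aggregated store and its output would feed the alerting and dashboard capabilities listed above.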
Single Sign On

Single Sign On, SSO, is a property of access control of multiple related but independent software systems. Conversely, Single Sign Off is the property whereby the single action of signing out terminates access to multiple software systems. The benefits we derive out of this system are as follows:

• More secure
• Reduces password fatigue
• Reduces time spent re-entering passwords
• Reduces IT costs – helpdesk calls pertaining to passwords etc.
• Security on all levels of entry/exit/access to systems
• Centralized reporting for compliance adherence

Cloud – The Final Frontier

Cloud computing has turned out to be the final frontier as on date, with advantages to so many, but procedurally and technically still not seeming fully secure. Enterprises may still take some time to switch over to a complete cloud environment. There are a large number of security issues/concerns associated with cloud computing, which can be grouped into two: firstly, security issues faced by cloud providers, and secondly, security issues faced by their customers. The provider must ensure that their infrastructure is secure and that clients' data and applications are protected. The customer must ensure that the provider has taken proper security measures to protect their information.

Cloud - Virtualization

The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers of a public cloud service. Virtualization alters the relationship between the OS and the underlying hardware, be it computing, storage or even networking. The use of this technology introduces an additional layer, virtualization, that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualization software. While the concerns are largely theoretical, they do exist.

Challenges

What we are witnessing today are advanced cyber threats, and collaboration is the key in dealing with them. No single organization can respond positively given the nature of the challenge posed to enterprises today. There is need for the creation of an Advanced Cyber Security Center (ACSC) for cross-sector collaboration, organized to help protect the country's enterprises from the rapidly evolving advanced and persistent cyber threats. ACSC would strengthen short-term defenses and long-term capability. Actionable intelligence to bolster an organization's defense in the short term, and to generate new defensive strategies and R&D in the longer term, would be the logical guiding principle.
The near-term results would be the application of front-line analytics, the medium-term results would be the application of new "Predictive Analytics" development, and the long-term results would be true Research & Development which would throw up innovative security solutions for the enterprise. Though it would take time, it would be worthwhile to leverage sustainable and continuous research, improving enterprise security by leaps and bounds. The other challenges include cloud computing with virtualization, which I have already discussed in detail. With mobility becoming the order of the day, this would remain an area of exclusive concern, and most gadgets would be internet-enabled, where compromising security is easier than in a closed environment. Country standards are a must, and only international benchmarking, which is generally not enforced, can be relied upon completely. The protocols so created, which would have the sanctity of the law, would be universally enforced to bring into existence a business enterprise regime in this country thriving on its protocol and enforcement, and the enterprise relying on the BITS architecture wherein security would be a design element from the stage of the concept itself. Secure software with all inbuilt security features has been emphasized all throughout this article.

Conclusion

Complexity is our life and making it simple our goal. Technology gains the highest end with simple products and services. The complexity of IT security gets confounded with innumerable applications, the processing power, the world wide web interface, cross-enterprise collaboration and the like. Cloud computing, though in its nascent stage, has thrown a major challenge to IT security, the success of which would be epochal, and IT services would take a well-deserved leap forward.