Guest authored by Tom Evgey, Sr. Security Analyst at Virtustream
The RSA conference in San Francisco, CA, is certainly one of the largest, if not the largest, network security conferences in the world. Rows upon rows of vendors attend, showcasing the latest and hottest tools and services in the industry in an effort to convince you to buy their ultimate solution for protecting your closest assets. Buzzwords like SIEM integration, log correlation, cloud security and forensic analysis were on almost every flyer; long lines of the security field’s finest crowded around in search of that one solution that will put all of us “enemy of the state” enthusiasts at ease.
Perhaps, as we each head back filled with promotional material and swag, we’ll take a closer look at some of the capabilities that each of the vendors had to offer. And hopefully, we’ll find something we can bring back to our own environment and integrate it into our own security mission in an effort to proactively prevent the next big hack.
Securing The Perimeter
The common strategy has long been protecting our assets from the outside in. We utilize firewalls, an Intrusion Detection System (IDS), a proxy, maybe a Web Application Firewall (WAF) and Anti-Virus (AV), all perimeter-based.
Perhaps if we’re really paranoid, we install a host-based IDS. We run our weekly or monthly scans, we have a log correlation system to collect our logs, we have HTTPS running and OTP protecting ALL of our applications, and, every once in a while, we test our ‘Incident Response Plan’ to check our readiness. But is that really the correct approach? I don’t think anyone would argue that the companies who have been breached in the last few months were lacking any of the above methods. Still, we hear about these large-scale attacks, week after week, with a cloudy forecast for more attacks. So what ARE we doing wrong?
As a Cloud Service Provider, we have a unique challenge at Virtustream. We manage massive amounts of customer data. Our clients all use our processor power, disk I/O, network packets and memory resources, and their consumption is reported by the minute, based on need and environment, all while we maintain Confidentiality, Integrity and Availability (CIA) and stay current with every compliance framework. We need to find the right balance of protecting our customer data and Intellectual Property (IP), while providing accessibility to our user base... all at a very competitive price. It starts with a simple login to our web portal and extends all the way to large-scale cloud bursting.
So, how do we protect our data? What is the missing component in our security strategy? How do we maintain the integrity of our data without losing that accessibility? If you guessed “getting another scanner or IDS with every bleeding edge signature” or yet another firewall, you should reconsider (and maybe take another quick glance at the article’s title).
The answer is encryption. Encrypting our data ensures WE have the keys to our assets, no matter where the data goes.
Here at Virtustream, we leverage the capabilities of Vormetric Encryption. Not only is the data encrypted and protected from any inbound threats, Vormetric takes ‘access as needed’ to another level. As part of a policy, it can restrict any user from accessing the data, by way of encryption. The prompt of ‘access denied’ now has a new meaning.
Encryption of the data is a must in any environment. It will be the one tool that will save the day when all other tools have failed. It will save the day when the marketing manager accepts a ‘LinkedIn’ invite which redirects to an HTTPS site hosting malware. It will save the day again when someone in finance opens a PDF file containing embedded malicious code. All of these scenarios, as I’m sure you know, happen every day. Our weakest links are always internal. Who does port knocking anymore, or IDS evasion, or tries to bypass the firewall when a simple, cheap email with a scandalous or believable subject line is all it takes to get cracked wide open? Risks mostly come from inside, and encryption can prevent access to the data, even in the case of a breach.
We live in a fast-evolving environment, where everything changes rapidly and we try diligently to stay one step ahead of the attackers. The challenge is that we have to be right EVERY time, while they only have to be right ONCE.
So, my suggestion to you is to brighten up your cloud forecast with some encryption. You’ll be glad you did!