Earlier this week, I came home from work, only to find my wife hanging up a framed picture that I had been remiss in not getting to. The scene was not what I expected. In an effort to get the picture hung, my wife was using the heel of a boot to drive the nail into the wall on which the picture would hang. Clearly this was not the best idea: instead of the job getting done correctly, the nail was bent in the wall and a huge heel mark from the boot was now on the wall. The heel of the boot did not get away unscathed either. The effort, while admirable, did not have an ideal outcome, for the simple reason that the tool used to complete the job was not the right one.
In thinking about this incident, I began to realize how often we take a tool that was designed to solve one particular job and adopt it for another job, with less than desired results. Relating this to security, it becomes very tempting to simply take one security technology that has worked in one area and apply it to another security problem. Consider the use of encryption to secure an organization's most valuable asset, namely its data. Full disk encryption (FDE), which is ideal for securing laptops, is widely adopted because it provides encryption at the hardware level and thus is protocol agnostic. FDE works by automatically converting data on a hard drive into a form that cannot be understood by anyone who doesn't have the key to "undo" the conversion. Without the proper authentication key, even if the hard drive is removed and placed in another machine, the data remains inaccessible. FDE provides protection only when the drive is powered down. This is why FDE is primarily used for laptops and other small computing devices that can be physically lost or stolen: one key is used to encrypt the entire hard drive, and that key protects the drive only while it is locked.
Due to its success in securing endpoint devices, many organizations deployed, or considered deploying, FDE in their data center to help secure the data: the right tool, but in this instance used for the wrong job. As noted, FDE works on endpoints because if the device is stolen the data cannot be used. Theft of a device is a rare, if ever, occurrence in the datacenter. Moreover, once the device is powered up (as is the case with typical datacenter gear), FDE affords no protection. FDE offers no auditability and no protection from advanced persistent threats, malware or rogue insiders such as administrators.
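To make the distinction concrete, here is an added toy model (not code from this post, the Aberdeen report, or any FDE or file-level encryption product): a whole-drive volume that becomes transparent to every reader once it is unlocked, beside a per-file store that checks the caller and logs each access. The class names, sample paths and data are constructed for illustration, and the HMAC-based XOR stream cipher stands in for the AES a real product would use.

```python
import hashlib
import hmac
import os

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher keyed by HMAC-SHA256; symmetric, so encrypt == decrypt.
    A stand-in for the AES a real product uses; illustration only, not for deployment."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class FullDiskVolume:
    """Whole drive under one key: opaque while powered down, transparent once unlocked."""
    def __init__(self, disk_key: bytes) -> None:
        self._key, self._blocks, self.unlocked = disk_key, {}, False

    def power_on(self, key: bytes) -> bool:
        self.unlocked = hmac.compare_digest(key, self._key)
        return self.unlocked

    def write(self, path: str, data: bytes) -> None:
        self._blocks[path] = toy_cipher(self._key, path.encode(), data)

    def read(self, path: str, who: str) -> bytes:
        if not self.unlocked:
            raise PermissionError("drive is locked: stolen media yields only ciphertext")
        # After unlock the volume neither checks nor records who is asking:
        # an administrator or malware on the running host reads everything.
        return toy_cipher(self._key, path.encode(), self._blocks[path])

class FileLevelStore:
    """One key per file, released only to listed principals, with every access logged."""
    def __init__(self) -> None:
        self._blobs, self._keys, self._acl, self.audit = {}, {}, {}, []

    def write(self, path: str, data: bytes, readers: set) -> None:
        key = os.urandom(32)  # per-file key; a real deployment keeps these in a KMS/HSM
        self._blobs[path] = toy_cipher(key, path.encode(), data)
        self._keys[path], self._acl[path] = key, set(readers)

    def read(self, path: str, who: str) -> bytes:
        allowed = who in self._acl[path]
        self.audit.append((who, path, "ok" if allowed else "denied"))  # trail FDE lacks
        if not allowed:
            raise PermissionError(f"{who} is not authorized for {path}")
        return toy_cipher(self._keys[path], path.encode(), self._blobs[path])
```

The same rogue administrator who reads every file from the unlocked volume is refused by the per-file store, and the refusal is on record.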
Knowing when to use the right tool ultimately defines the success or failure of the project. Aberdeen Group recently released a research report that sheds light on the encryption options organizations looking to secure their data can leverage. It provides specific detail on Full Disk Encryption and File Level Encryption, and when to use which. Having the right tools in the toolbox is only half the battle; the other half is knowing when to leverage which, and that decides the success of the project. Now, you'll excuse me while I get rid of the bootprint.