SAN JOSE, Calif. – Mar. 3, 2015 – On Friday, February 27, Uber revealed it had discovered that one of its databases had been accessible to unauthorized users. Upon further investigation, Uber determined that a third party had accessed the database on May 13, 2014; it contained the names and driver's license numbers of approximately 50,000 drivers across multiple states. Improper storage and security of the database encryption key (it was left on a publicly accessible page) may have been a major contributing factor in this breach.
Sol Cates is the CSO at Vormetric, a company that provides enterprise data security solutions for physical, virtual and cloud environments. A sought-after speaker who elevates the industry's understanding of data security, Sol draws upon his 17 years of experience to assess the breach. Sol has provided the following insight:
“Not all forms of encryption provide equal protection. In this case, an encryption key to a database was insecurely stored, and may have resulted in the breach. Insecure storage of encryption keys is a common problem for full disk encryption as well as OS and database native encryption solutions – most often, these solutions only protect against physical loss or theft and are wide open to attackers who have cracked a network. Attackers are experts at compromising accounts, and then leveraging those accounts to steal unencrypted data and encryption keys that aren’t protected, as in this case.
Encryption with secure key management and access controls to the encrypted data are required. This combination eliminates the problems in this breach with insecure key storage, as well as the potential for privileged users to access the information at the OS level. If the access control is extended to the database and applications using the database, it becomes still more secure. Combined with a SIEM or other solution, it can also find changes in access patterns that may indicate a trusted account has been compromised. This combination might have entirely blocked this breach, and made Uber aware much earlier that an attack was in progress.”
Sol would be happy to discuss his comments and provide additional insight on the breach. Let me know if you would like me to put you in touch with him.
Vormetric provides data-centric security solutions that are designed around the reality that perimeter and endpoint defenses can be penetrated by a determined attack. Our integrated Data Security Platform includes solutions for:
- Structured and unstructured data encryption with access controls at the file system and volume level
- Application level data encryption
- Data access audit logging
- External encryption key management for databases and third party encryption keys
- Tokenization with dynamic data masking
All solutions are available within a single infrastructure and management environment, saving organizations time and money with a single infrastructure set and deployment model. These solutions help organizations limit access to sensitive data without impeding IT operations.
In this case, Vormetric Key Management could have secured the database key within a hardened physical or network appliance accessible only to security administrators (and those administrators would never actually see the key), preventing this breach. If connected to a security information and event management system, the data we supply might also have pinpointed that attackers were trying to access this database – allowing proactive measures to stop the attack before it was successful.
Alternatively, tokenization could have removed the actual driver's license numbers from the database, stored them in a secure vault elsewhere, and replaced them with a "token" in the same format. Once the database was compromised, no driver's license numbers would have been breached.
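As an added illustration of the vault-based, format-preserving tokenization described above (this is example code, not Vormetric's product): the application database holds only tokens, and the real license numbers live in a separate vault. The sample license number and the in-memory list standing in for the database are constructed for the example.

```python
import secrets
import string

SAMPLE_LICENSE = "D1234567"  # constructed California-style sample (1 letter + 7 digits); not a real record


class TokenVault:
    """Sole holder of the real-number <-> token mapping; the app database stores tokens only."""
    def __init__(self):
        self._by_value = {}  # real value -> token
        self._by_token = {}  # token -> real value

    @staticmethod
    def _random_same_format(value):
        # Swap each letter/digit for a random one of the same class so length and layout are preserved.
        out = []
        for ch in value:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isalpha():
                out.append(secrets.choice(string.ascii_uppercase))
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, value):
        # Same input always yields the same token, so joins and lookups keep working.
        if value in self._by_value:
            return self._by_value[value]
        while True:
            token = self._random_same_format(value)
            # Reject a collision with an existing token and the rare token == value case.
            if token != value and token not in self._by_token:
                break
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token):
        # Only a caller with vault access can recover the real number.
        return self._by_token[token]


def store_driver(db, vault, name, license_number):
    # The database row never sees the real license number, only its token.
    db.append({"name": name, "license_token": vault.tokenize(license_number)})


def database_contains(db, license_number):
    # Simulates an attacker dumping the database: does the real number appear anywhere?
    return any(license_number in str(row) for row in db)
```

A dump of `db` yields only tokens; recovering a real number requires a call into the vault, which is where access control and audit logging belong.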
Vormetric (@Vormetric) is the industry leader in data security solutions that protect data-at-rest across physical, big data and cloud environments. Vormetric helps over 1500 customers, including 17 of the Fortune 30, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company's scalable Vormetric Data Security Platform protects any file, any database and any application's data — anywhere it resides — with a high performance, market-leading solution set.
For more information:
SHIFT Communications for Vormetric