4
Home | About Us AccessMyLibrary Browse C Computer Technology Review JUL - 04 Applying military insights to enterprise data security: the application of time-tested military approaches can help address evolving computer security threats for enterprises and government.(Disaster Recovery & Backup/Restore) COPYRIGHT 2004 West World Productions, Inc. Applying military insights to enterprise data security: the application of time-tested military approaches can help address evolving computer security threats for enterprises and government.(Disaster Recovery & Backup/Restore) Publication: Computer Technology Review Publication Date: 01-JUL-04 Author: Brown, Kevin Ads by Google PDF to Image Conversion Convert PDF to Bitmap TIFF, JPEG, PNG, BMP, RAW, etc. Car Rental - Avis Enjoy Faster Reservations & Rentals Lowest Mileage Cars, Special Offers Free IT Policies Info Browse Our Technology & IT Articles Online. Subscribe to Weekly Report! Business Continuity Plan BCP/DRP Word Template $389 189 pgs CFO says "This saved our company"! Email this article | Print this article COPYRIGHT 2004 West World Productions, Inc. Over the centuries, military and intelligence organizations have developed sophisticated doctrines and procedures relating to physical and information security. These doctrines address a range of concerns including ambush, spies, maneuver, counter- intelligence, mutiny and force protection. Today's enterprises and government agencies have migrated to highly networked computing systems, with nearly all critical functions reliant on computing resources. This evolution has delivered higher productivity, but at the same time has created dramatically higher exposure to electronic attacks. Concern over information assurance has never been higher, and the range of acknowledged threats is growing: disgruntled insiders, viruses/ worms, corporate espionage, script kiddies, cyberterrorism, and information warfare in conflicts of the future. In many senses, computer security already resembles a guerrilla war. Today, largely invisible enemies launch daily attacks on nearly every major corporation and government agency, and rapidly adapt their tactics to address countermeasures. This article highlights a number of time-tested military principles that can be applied by corporations and other organizations to prepare for such electronic warfare. MULTI-LEVEL SECURITY: Intelligence organizations use MLS to manage and streamline access to data. By classifying each piece of data, and establishing the related levels of trust among individuals (e.g., unclassified, secret, top secret), these organizations balance Page 1 of 4 Applying military insights to enterprise data security: the application of time-tested milita... 8/18/2008 http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM

Applying Military Insights To Enterprise Data Security

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: Applying Military Insights To Enterprise Data Security

Home | About Us

AccessMyLibrary Browse C Computer Technology Review JUL-04 Applying military insights

to enterprise data security: the application of time-tested military approaches can help address evolving

computer security threats for enterprises and government.(Disaster Recovery & Backup/Restore)

COPYRIGHT 2004 West World Productions, Inc.

Applying military insights to enterprise data security: the application of time-tested military approaches can help address evolving computer security threats for enterprises and government.(Disaster Recovery & Backup/Restore)

Publication: Computer Technology Review

Publication Date: 01-JUL-04

Author: Brown, Kevin

Ads by Google

PDF to Image Conversion Convert PDF to Bitmap TIFF, JPEG, PNG, BMP, RAW, etc.

Car Rental - Avis Enjoy Faster Reservations & Rentals Lowest Mileage Cars, Special Offers

Free IT Policies Info Browse Our Technology & IT Articles Online. Subscribe to Weekly

Report!

Business Continuity Plan BCP/DRP Word Template $389 189 pgs CFO says "This saved our

company"!

Email this article | Print this article

COPYRIGHT 2004 West World

Productions, Inc.

Over the centuries, military and

intelligence organizations have

developed sophisticated doctrines and

procedures relating to physical and

information security. These doctrines

address a range of concerns including

ambush, spies, maneuver, counter-

intelligence, mutiny and force

protection.

Today's enterprises and government

agencies have migrated to highly

networked computing systems, with

nearly all critical functions reliant on

computing resources. This evolution

has delivered higher productivity, but

at the same time has created dramatically higher exposure to electronic attacks. Concern

over information assurance has never been higher, and the range of acknowledged

threats is growing: disgruntled insiders, viruses/ worms, corporate espionage, script

kiddies, cyberterrorism, and information warfare in conflicts of the future.

In many senses, computer security already resembles a guerrilla war. Today, largely

invisible enemies launch daily attacks on nearly every major corporation and government

agency, and rapidly adapt their tactics to address countermeasures. This article highlights

a number of time-tested military principles that can be applied by corporations and other

organizations to prepare for such electronic warfare.

MULTI-LEVEL SECURITY: Intelligence organizations use MLS to manage and streamline

access to data. By classifying each piece of data, and establishing the related levels of

trust among individuals (e.g., unclassified, secret, top secret), these organizations balance

Page 1 of 4Applying military insights to enterprise data security: the application of time-tested milita...

8/18/2008http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM

Page 2: Applying Military Insights To Enterprise Data Security

risk with speed of information sharing.

Typically, civilian organizations lack the same discipline around information sharing. For

organizations that deal with sensitive or regulated data, a more structured approach to

assessing trust and granting access can be used to more tightly manage risk.

COMPARTMENTALIZATION: This principle is reflected in nearly every aspect of military

organizations. For example, a captured special ops team does not know the locations of

other units, in order to minimize risk. Often, analysts and planners have access to only a

subset of the "whole picture" and, similarly, a submarine uses physical compartments to

contain the damage from a hull breach.

With the move towards aggregated and networked storage, non-military organizations are

increasingly at risk of massive breaches. In fact, a single breach of networked storage can

yield terabytes of data and in many cases can be executed without detection. By using

physical or cryptographic compartmentalization, organizations can reduce the exposure of

any single breach. Typical approaches include compartmenting information by functional

area (Finance, Engineering, Executive), by business unit, or by customer.

NEED-TO-KNOW: Military planners understand that the risk of leaks increases

exponentially with the number of people who have information. Accordingly, sensitive data

is distributed to only those who need it, and access to data is documented and audited.

According to the FBI, 50%-80% of electronic attacks originate inside the firewall. Even

though the vast majority of employees are honest and trust-worthy, a single hostile

individual can inflict massive damage. Instead of starting with the assumption that all data

should flow freely among employees, organizations should invest in processes and

systems to manage access to sensitive data, and ensure accountability. Fine-grain access

controls can be used to provide flexible access to the data without disrupting user

workflow or applications.

[ILLUSTRATION OMITTED]

CRYPTOGRAPHY: As early as the Roman Empire, military organizations have used

cryptography to protect sensitive data. Traditionally, cryptography was applied primarily

to communications and data in flight; increasingly, sensitive data at rest is being

protected with cryptography. For highly networked environments facing a variety of

external and internal threats, cryptographic security is a necessity.

In today's networks, the volume of data in transit (megabytes) is dwarfed by the volume

of data in storage (terabytes). Computer security experts increasingly recommend

encryption for protecting stored data.

DEFENSE IN DEPTH: Realizing that any single layer of defense can be defeated, military

and intelligence security experts typically deploy layered defense strategies.

In light of the growing insider threat, and the growing number of holes in the network

perimeter (VPNs, contractors, partner networks), enterprises can no longer assume that

their firewall or intrusion detection system is sufficient. Critical data and systems must be

compartmentalized and protected within the perimeter. This is a challenging proposition

since certain insiders, typically IT administrators, enjoy "super-user" privileges and

unlimited access to data and systems. Organizations should closely review their

infrastructure and implement security in layers, ensuring that sensitive information is fully

protected.

CONCENTRATION OF FLOW: Military checkpoints and border crossings funnel all traffic

through aggregated control points. These locations typically have a concentration of

security forces, and the ability to authenticate and document all traffic.

Simplicity equals security. Many system vulnerabilities today stem from complexity;

administrators cannot watch all of the different attack vectors. Security approaches that

can simplify the security model and close down attack vectors can reduce an

organization's risk of attack, while improving the chances of catching the attacker. Best

case scenario: one way in, one way out.

ROLE SEPARATION: Many military procedures include checks and balances among

multiple individuals to ensure that no single individual can sabotage or usurp the mission

of the organization. Critical functions such as nuclear weapons command or air strike

operations require multiple people in different functions to concur and approve an action.

Organizations with sensitive data may wish to eliminate single points of vulnerability, but

many security managers today find that they do not have the tools to extend security

policies into the storage infrastructure. Implementing role separation can help. For

example, an IT organization may establish separate roles for security administrators and

Page 2 of 4Applying military insights to enterprise data security: the application of time-tested milita...

8/18/2008http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM

Page 3: Applying Military Insights To Enterprise Data Security

system administrators. Access to sensitive customer data, or sensitive administrative

changes to systems, should require approval from multiple functional managers.

TWO-MAN RULE: This is a corollary to the Role Separation doctrine. For critical operations,

two individuals must exercise authority to act. The classic example: nuclear silo operators

turning two keys simultaneously to launch a missile.

Critical systems should never be designed with single points of failure or vulnerability. For

sensitive operations, such as accessing archived data or recovery of failed systems, a

quorum of trusted employees can be used to ensure that no individual can defeat security.

TWO-FACTOR AUTHENTICATION: Access to secure facilities almost always requires both

knowledge (what you know, e.g. passwords) and official identification (what you have).

Increasingly, token-based or biometric systems (who you are) are used to prevent forgery

of credentials.

For sensitive systems, traditional username/password mechanisms are too weak. Humans

are simply not good at choosing strong passwords, and there are many well-known

instances of this sort of attack. In the case of computer systems, administrative functions

are the most sensitive, because they typically enjoy access to all data and security

measures. Implementing two-factor authentication methods can significantly reduce the

possibility of common spoofing attacks.

KEY ROTATION: Physical and cryptographic keys are regularly rotated to limit the duration

of exposure in case of a breach. Following a confirmed or suspected breach, keys can be

instantly revoked or invalidated.

Enterprise and government security systems must have the infrastructure to regularly or

instantly rotate keys, including both physical tokens and electronic or cryptographic keys.

This infrastructure includes mechanisms for cataloguing the database of keys needed to

access archived data.

KILL-SWITCH: In military practice, it is common to protect systems that can be physically

breached or overrun with some type of kill-switch mechanism to instantly destroy

sensitive data or technology. The U.S. spy plane that was forced to land in China provides

a good example of the need for electronic kill-switch capabilities.

Computers and storage systems that are physically insecure pose a difficult challenge to

enterprises as well. Even the best firewall settings are irrelevant if an attacker can simply

remove terabytes of cleartext data on disk drives. For physically insecure systems, it is

advisable to make the default state of data secure, using encryption. Smart cards and

cryptographic keys can be destroyed much more quickly and reliably than terabytes of

cleartext data.

DOCUMENTATION AND AUDITING: Military organizations are notorious for extensive

paperwork and documentation. However, when dealing with sensitive information that

could cost lives or lose a war, this layer of accountability and deterrent is a smart

investment.

Organizations must find ways to automate and harden their systems that track access to

sensitive data. In the case of typical Unix and Windows systems, electronic logging and

auditing functions are easily defeated by any user with "root" or administrator privileges.

Secure logging and auditing systems that are tamper-resistant and cryptographically

signed add a layer of deterrent on top of actual security.

Organizational Implications

Security-conscious organizations must create processes to constantly evaluate systems,

evolving attack tactics, and overall risk profile. Several practical implications emerge:

* Designate a "Chief Security Officer" that has the training and resources to manage

security on an ongoing basis. Security is a process, not a one-time project.

* For individual operating units, designate a trusted "security administrator" to manage

sensitive systems that protect the overall organization. For smaller organizations, this role

may overlap with other responsibilities, but ideally this role separation can create checks

and balances for administrative staff. Use strong authentication to ensure the integrity of

this role separation.

* Design systems that can shield sensitive data from administrators. In light of the

growing insider threat, and the almost unlimited system privileges that root users enjoy,

this is a major exposure point for every organization.

Page 3 of 4Applying military insights to enterprise data security: the application of time-tested milita...

8/18/2008http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM

Page 4: Applying Military Insights To Enterprise Data Security

Centuries of experience, high stakes, and organizational discipline have helped military

and intelligence organizations create sophisticated security doctrines. The design and

execution of these doctrines is never perfect, but they nonetheless hold valuable lessons

for organizations that are increasingly sensitized to the importance of security. Through a

combination of strategy, process, and systems, civilian organizations can use these

lessons to make profound improvements in their security posture.

www.decru.com

[c]2004 Decru, Inc.

Used by permission.

Kevin Brown is vice president of marketing at Decru. Inc. (Redwood City, CA)

More Articles from Computer Technology Review

Continuous data access: enterprise-level high availability using iSCSI... July 01, 2004 SAS: now and in the future.(Connectivity)(Serial Attached SCSI)(Panel ... July 01, 2004 Storage infrastructure requires defense in depth.(Disaster Recovery & ... July 01, 2004 The cost benefits of a SAN: an analysis of total cost of ownership (TC... July 01, 2004

© 2008 Gale, a part of Cengage Learning | All Rights Reserved | About this Service | About The Gale Group, a part of Cengage Learning Privacy Policy | Site Map | Content Licensing | Contact Us | Link to us

Other Gale sites: Books & Authors | Goliath | MovieRetriever.com | WiseTo Social Issues

Page 4 of 4Applying military insights to enterprise data security: the application of time-tested milita...

8/18/2008http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM