Security efforts allowing corporations to limit use of critical data have long been the topic of discussion and conjecture. Understanding the true nature of data may provide the key to effective solutions.
A Whitepaper by Stephen Northcutt and Ken Steinberg
Everything stored on your computer can be divided into exactly two categories: applications and data. Applications do the work and data is what they work on. Data is by far the more valuable. A case can be made for the value of individual applications, but in reality it is the algorithms they employ, not the applications themselves, which are valuable.
Most business people and technology professionals will agree: data is king. Whether in government, banking, telecommunications, medical imaging, manufacturing process control or transportation the secure use of electronic data is the lifeblood of a global economy.
Data can be further divided into two very distinct categories: inward facing and outward facing.
Inward facing data is that information, often proprietary in nature that allows a company to produce its goods and services. This data is used internally by employees and the company’s various business components. Efforts are made to ensure that inward facing data does not leave the organization.
Outward facing data is that private information that the company uses to compete in the marketplace. This “portable” or “mobile” data may be used in sales, customer service and analytical functions that are often used by employees outside the confines of the company proper. The data stored on the laptop of a salesperson is an example of outward facing data. It may be just as sensitive as inward facing data, but it probably is exposed to higher risk.
This distinction is particularly important to security professionals as the large number of data breaches in recent years bear witness to the fact that many security professionals do not understand the implications of the differences between protecting inward facing data and outward.
While there are occasions when applications themselves need to be secure, more often than not, it is the securing of data that has the biggest impact on business continuity and profits. To achieve this, the successful security officer needs to focus on only two actions—keeping inward data inside and outward data from being acquired, compromised and/or coerced while outside of the corporate environment.
Further confusion occurs, when security professionals seek solutions that facilitate successful information assurance but fail to take into account real-world conditions. These errors result in the inevitable selection of a tool set that becomes burdensome to both the corporation and the operation of its computing systems. These implementations may survive a few years but are ultimately removed due to their disruptive effect upon the business environment and culture. We predict that many of the organizations rushing to employ full disk encryption today will be retiring these solutions a few years from now.
Whole disk encryption will protect against system loss.
The knee-jerk reaction of most IT professionals, when asked to secure portable information, such as laptops, is to blanket an entire system in encryption. This appears, at first blush, to be the “easy and simple answer.” What is often miscalculated is the inherent danger of key management. Whole disk encryption requires that a set of keys be distributed with the encrypted system so that the core applications can subsequently be unencrypted before the system can run. Transportation of an encryption key with the encrypted information provides opportunity for the encryption to be broken. It is unlikely anyone will find a way to brute decrypt AES 256 encrypted information, but the four digit pin that protects the encryption key is not as much of a challenge to attack
Shipping the key with the encryption set, or making the safety of the encryption key reliant on the user of the system, also puts the user at risk of harm. Depending upon the attacker’s level of intent, knowing that the user can provide critical parts of the key, may result in direct or indirect (family members, etc.) threats of harm in order to obtain key information. In all cases it is better that the user has no knowledge of the key or its seeds.
There will be a huge performance penalty to be paid.
Encryption of common applications is a performance impacting and unnecessarily burdensome action. Encryption of data, not common applications, mitigates the performance degradation as the operating system is not subject to decryption.
The additional and unfortunate issue with encrypting application sets is failure recovery. When encryption fails or keys are corrupted, unless there is a recovery mechanism, the whole system is lost. Once corrupted, it is even more difficult to get the system into a working state in order to recover the data.
System encryption will not keep data from being stolen.
Hiring employees and consultants implies a level of trust. Trust, in security, implies access. In order to conduct business employees must have access to unencrypted information. Encryption is therefore unable to protect the data when it is being used.
All encryption efforts must be enhanced with data access logging and data copy protection.
Data Proximity – Security that enables data at work.We can apply our understanding of inward and outward facing data, encrypted data at work as well as endpoint security and devise a solution based on Data Proximity. Data Proximity is the ability to access secure data while “proximal” (in the proximity) to the workplace without the worry of key mobility, the overhead of full system encryption, and outward data loss.
Data Proximity provides an encrypted data store on each system into which any type of data file can be placed. Once placed in the data store, the file is encrypted and can only be accessed while the system itself is within connected proximity to the enterprise work environment. The key necessary for opening the encrypted files can only be accessed when the system is connected to the key store manager which is responsible for key storage and randomization. Placing and retaining the key store within the corporate infrastructure removes the issue of key mobility and adds the extra security of randomization. Keys are never written to the disk of a client and are therefore not available away from the workplace.
This approach is further enhanced by the extensive logging of actions on data (read, writes, deletes) and the disabling of memory-sourced data copies. Many applications will leave data memory or scratchpad residue, allowing the user to make untracked copies of data to other unknown data files.
Data Proximity is designed to be a lightweight information security solution that supports a mobile workforce without negatively impacting their ability to be productive. When an employee is at work, they should be able to work. When they are mobile, the ability to access and use data should not be impeded, but the company’s information must be safe from intentional and unintentional security risk.
SummaryWhole Disk Encryption:
Data Proximity: