Tools and Technologies Available for Information Security
The discipline of Information Security provides for management-level oversight of the following:
- Access control (identity management, authentication, and permissions)
- Operations security (configuration management, backup, leakage management, media handling, disposal)
- Intrusion detection
- Code management
- Communications confidentiality and integrity
- Training and awareness
- Incident reporting and response
Since most if not all of your data storage, transmission, and processing is done with computing technology, you will look to technological tools to ensure its protection from exposure, corruption, or loss. And as the value of your data and your operating environment grow in size and complexity, you will look to more sophisticated and effective technology to assist with your information assurance.
For the most part, these solutions cannot simply be purchased like you might buy laptops or tablets for your employees. To be effective, the product must be matched to your requirements, and then sized, deployed, managed, and maintained by experts. And users may need training as well.
Technological Tools for Information Security
Modern endpoint protection software is a combination of intrusion detection systems (IDS) and what we in the past called "anti-virus" software. It is installed on each user's laptop or mobile device, to monitor for malicious software (malware) that may infiltrate the device. This is tremendously important, as the largest entrypoint for successful information security breaches is through users' actions on their devices that results in downloading malware.
It works by scanning any files downloaded through a web browser, e-mail, or an attached storage device. It looks for known malware, as well as unknown malware, which can be identified by certain aspects of the program code that do not appear in legitimate software. And for malware not detected by those methods, it can block malicious actions by observing everything programs do and reacting to actions that a legitimate program would not take.
This is available retail, and even for free. However, any business with more than a handful of users should acquire paid business-grade endpoint protection software, which is deployed and configured from a centrally managed console, for maximum effectiveness, particularly in monitoring and reporting.
Mobile Device Management (MDM)
Mobile Device Management (MDM) is a system by which laptops, tablets, and mobile phones are registered, monitored, and controlled by your IT department. This enables your company to push necessary software, such as endpoint security and custom mobile apps, and receive alerts if the software malfunctions or is removed. Policies can be established, such as requiring the screen to lock when idle and a PIN to unlock. Company data can be removed remotely, or devices wiped completely, when necessary to prevent unauthorized use of your data.
The solution you select should be a good match for your environment and requirements, and this is not always obvious even if it seems so. For example, if your company has mostly Apple products (MacBooks and iPads), surprisingly, using Apple's MDM solution might not be the best option if you do not use company-managed apps from the Apple Store.
You also need an experienced guide to create a plan, especially if, as is the case with virtually all startups, your users already access company e-mail, applications, and data through their privately owned devices. Whether or not the company will be supplying the tablets or phones, migrating to a controlled system requires both MDM technology and a robust and enforceable administrative policy for mobile device usage, to maximize security without sacrificing flexibility and productivity.
E-mail security systems are, by necessity, highly sophisticated, since e-mail is the easiest way for any unknown actor to get malicious programs into your computer, or send messages to trick a user into sending sensitive information. Threats from e-mail include:
- Attachments with malicious code that can encrypt your files and demand ransom;
- Links to websites that will execute malicious code through flaws in a web browser or by tricking the user into allowing it;
- Links to impostor websites of well-known e-mail service providers or banks with a message designed to trick the recipient into entering his password into the impostor site;
- Messages purportedly from the recipient's boss requesting transfer of money.
Blocking illegitimate e-mail of all kinds (including otherwise benign advertisements) is the first function of e-mail security systems. Of course, criminals work hard to get around these protections, so a multi-layered defense is necessary. These include scanning attachments to detect malicious code, or inspecting website links in the body of the message to make sure the site isn't pushing malware. The e-mail security system sits in front of your e-mail server, so it can perform these inspections before anything gets to your inbox, let alone on your computer. In that respect it is more effective than endpoint security software, which can only see what has already arrived on your computer. This gives the security system a chance to perform sandboxing of the attachments, which means the attachments are downloaded to a virtual machine and observed to see what it does. This process can detect malicious actions by a program that might not otherwise be recognized as malware through conventional scanning.
Major e-mail service providers are integrating some of these capabilities into their offerings. However, a third-party e-mail security service may be worth the extra expense, as such providers focus only on e-mail security, and thereby can have greater sophistication and configurability that could make the difference in preventing a security breach. For example, even if your e-mail provider offers sandboxing, the quality of the sandboxing system and the artificial intelligence involved is critical. This is because malware authors can program their payloads to foil a sandboxing system, such as by staying idle for a time. And the best e-mail security systems allow you to tune performance, so you can choose, for example, whether complex attachments might be delayed for five minutes for inspection to maximize protection, or examined more quickly but with higher risk.
E-mail security systems can also protect against data spillage, by examining all outbound messages to prevent users from e-mailing information that is not supposed to leave your company. This same outbound scanning also protects your company's reputation, as it will prevent rogue users from sending junk mail, and stop malware that may successfully infect a user's computer from propagating itself via your e-mail system.
Cloud Access Security Broker (CASB)
We've covered user devices and e-mail, but what about the wild expanse of cloud services and web applications? To protect your data stored in these systems, you can deploy a Cloud Access Security Broker (CASB) system. This controls and monitors data access, modification of files, and exfiltration of data in your sanctioned company cloud accounts, as well as any other cloud services your users might connect to.
This is the pinnacle of security technology in the modern mobile and cloud computing era. The most advanced technology involved prevents users from easily copying files from their laptops or your company's cloud storage into their personal accounts. And if a clever user makes the laborious effort necessary to work around the security controls, the best CASB systems will recognize the pattern of behavior and alert management, or even cut off access to company files for that user to minimize the data spillage.
This technology can add features to all cloud services that might not be otherwise available, such as multi-factor authentication and encryption. And, a CASB system that integrates with known services can disable certain functions in that system based on context, instead of blocking the user completely. For example, you may configure the CASB to prohibit any interns from sharing certain files outside the organization, where such fine control is not available natively in the cloud file storage service itself where these files reside.
A well-designed system will also integrate with your other security tools such as log monitoring and analysis, mobile device management systems, and third-party identity and access management solutions you might already have deployed.
CASB technology is an essential tool for fully implementing technical controls called for by your company's information security policies beyond the equipment you control.
Firewalls and Intrusion Detection
Firewalls have come a long way from when they merely blocked unsolicited inbound access to your network to protect your servers and workstations. Modern firewalls, called Next Generation or Unified Threat Management systems, perform advanced functions to block inbound malicious software a user might download from the web or via e-mail attachment, enforce encryption, and detect and block infiltration attempts on your servers embedded inside otherwise legitimate communications. These systems will integrate with existing security monitoring and management systems you might have to provide immediate alerts in case of a breach or attack, and even automatically reconfigure the network to lock down sensitive applications, data, or network segments when necessary.
In addition, firewalls now exist virtually, and not only as physical boxes on your network. In a modern cloud-based multi-tier application, the virtual servers that run the application communicate with each other through what's called a software-defined network, which will have separate virtual network segments, for security and performance. Firewall and intrusion detection technology will be integrated throughout any software-defined network. When properly designed, configured, and managed, virtual firewalls will prevent not only breaches from the outside, but will minimize the spread, duration, and impact of any breach that does occur due to outsider attack, flaws in your program code, or infiltration by a malicious insider.
All of the above, when deployed as part of a well-developed Information Security program, can be extremely effective in meeting your security goals. However, since nothing is perfect, you also need data backup. For local systems, this is a network-attached storage device. For cloud systems, there are many cloud-based backup applications that will pull data from your cloud services (e-mail, cloud storage, and online database systems) and save the data into their cloud storage system. Here are a few considerations on how best to deploy cloud backup.
First, ensure the backup application is hosted on a different cloud service from what it's backing up. That is, if you have company data on Amazon Web Services (AWS), do not sign up for a cloud backup application that is also hosted on AWS because, as unlikely as it may be, if Amazon has a catastrophic failure in its AWS platform, conceivably both your company data and the backup could be wiped out.
Second, remember that backup is for recovery after a disastrous data loss. Your backup storage should be offline; it should initiate connections to your company storage to pull data for the backups, and your primary storage system should not have any way to push data onto the backup storage. In addition, the storage space in your backup account should not be accessible by users, nor used as storage for any applications other than backup. The reason for this is to preserve the integrity of the backup in case a user or software maliciously or accidentaly deletes or corrupts data (including encrypting it for ransom). If you have users or a server that can see the backup files, then the backup is prone to be corrupted or deleted in the same manner.
Which of these should be deployed, and how? A robust Information Security program will establish what are the technologies you should invest in to protect the value of your information assets and your brand.
To get started, contact J.D. Fox Exec today.