Data Center Security And The Threats From Within
Best practices for minimizing the danger.
All too often security is discussed primarily in the context of threats that come from the outside. Yes, cybercriminals and other outside threats are rightfully a key focus when it comes to data center security, but focusing solely on them dangerously ignores the potential threats and vulnerabilities from within: endusers and even us, the venerable but not invulnerable IT professionals.
THE ENDUSER THREAT
While malicious insiders are certainly a concern, the bulk of the enduser insider threat comes from endusers with no malicious intent at all, including those with the best of intentions who unwittingly make simple mistakes that create security vulnerabilities or who fall victim to traps.
In fact, human error alone creates a whole school of cybercrime opportunities such as phishing, watering hole attacks, and other social engineering tactics. Such threats don’t necessarily rely on sophisticated malware or technical vulnerabilities, but rather on the psychology and behavior of people. Even without a malicious actor involved, an uneducated or careless employee or an overcomplicated procedure can result in sensitive information leaking and potentially falling into the hands of an attacker.
It can be extremely difficult to manage the daily activities of endusers to ensure they aren’t inadvertently sharing sensitive organizational information. However, the digital security of your data center depends upon it. So, here are several suggestions on where to start:
- Educating endusers on preventative steps they can simply implement on a daily basis to protect personal and company data is a good first step. This includes, but isn’t limited to, sound advice on password creation, acceptable use of non-company-managed technology (and why certain uses are unacceptable), and how to spot a social engineering attack. Remember that practical demonstrations will typically get through to them better.
- Partner with departments such as human resources and finance to help endusers understand the impact data breaches can have on the business. For example, having the finance department outline the potential costs of a data breach, which in turn impacts the company’s profitability and endusers’ own success, will help drive the message home for endusers who may otherwise think they are immune to either the threat of cyberattack or the impact of a breach.
- Again, engage human resources, and add executive leadership into the mix, to talk about potentially overly complex or convoluted day-to-day routines, processes, and policies that are less likely to be adhered to and cause friction with endusers. For example, if many endusers leverage a public cloud file storage tool like Dropbox, it might be better to adopt the platform as an official and therefore centrally managed tool instead of trying to ban access.
- Ensure your overall security plan and policies prioritize the enduser factor. The overall lifecycle of the enduser, including changes that may occur without the user leaving the company, should be considered when devising such policies. For example, when an enduser switches roles or departments, they may retain access to information they no longer need.
- Finally, increase monitoring. An organization-wide security monitoring platform complements anti-malware, data loss prevention, and email security tools and allows you to mitigate the enduser factor by picking up signs of abnormal and potentially dangerous behavior. It also gives you a clearer picture of how endusers are using applications, the network, systems, etc. That intelligence can then be used to inform how to best educate individuals and improve processes.
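The role-change case above (access that survives a move between departments) is the kind of thing a periodic entitlement review catches. The following is an added example, not code from the original article: it compares what each account currently holds against a baseline of what the account's current role needs, and separates excess access explained by a previous role (an incomplete cleanup) from excess access with no known origin. The role names, entitlement names, users and baseline are constructed sample data.

```python
# Added example (not from the original article): a stale-access review that
# compares each user's current entitlements against the baseline for their
# current role, so access carried over from a previous role stands out.
# Role names, entitlement names and users below are constructed sample data.
from dataclasses import dataclass, field

# Constructed baseline: the entitlements each role legitimately needs.
ROLE_BASELINE = {
    "finance-analyst": {"erp-read", "erp-report", "vpn"},
    "hr-generalist": {"hris-read", "hris-write", "vpn"},
    "it-helpdesk": {"ticketing", "ad-password-reset", "vpn"},
}


@dataclass
class User:
    name: str
    role: str                      # current role
    entitlements: set              # what the directory says they hold today
    previous_roles: list = field(default_factory=list)


def review_user(user, baseline=ROLE_BASELINE):
    """Return the entitlements a user holds beyond their current role's baseline.

    'inherited_from_prior_role' is excess access explained by a previous role
    (an incomplete role-change cleanup); 'unexplained' is excess access no
    role in the baseline grants, which deserves a closer look."""
    expected = baseline.get(user.role, set())
    excess = user.entitlements - expected
    inherited = {
        e for e in excess
        if any(e in baseline.get(r, set()) for r in user.previous_roles)
    }
    return {
        "user": user.name,
        "excess": excess,
        "inherited_from_prior_role": inherited,
        "unexplained": excess - inherited,
        "missing": expected - user.entitlements,
    }


def review_all(users, baseline=ROLE_BASELINE):
    """Only users with excess access are returned; a clean account yields nothing."""
    return [r for r in (review_user(u, baseline) for u in users) if r["excess"]]


# Constructed sample population.
SAMPLE_USERS = [
    # Moved from finance to HR; ERP access was never removed.
    User("alice", "hr-generalist",
         {"hris-read", "hris-write", "vpn", "erp-read", "erp-report"},
         previous_roles=["finance-analyst"]),
    # Never changed roles; holds exactly the baseline.
    User("bob", "finance-analyst", {"erp-read", "erp-report", "vpn"}),
    # Holds an entitlement no role in the baseline grants.
    User("carol", "it-helpdesk",
         {"ticketing", "ad-password-reset", "vpn", "domain-admin"}),
]

if __name__ == "__main__":
    for finding in review_all(SAMPLE_USERS):
        print(finding)
```

Run on the sample population, the review reports alice's leftover ERP access as inherited from her previous role and carol's domain-admin entitlement as unexplained; bob produces no finding. In practice the baseline and user list would be exported from the directory and HR system, and the "unexplained" bucket is the one to work through first.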
THE IT PROFESSIONAL AND THE INCREASING COMPLEXITIES OF MODERN IT
IT departments and the venerable professionals who staff them deserve much credit for not only fighting a tireless battle against a myriad of threats but also keeping business moving. But we shouldn’t overlook the fact that we too are prime targets for attackers, and that the increasing complexity of modern IT — think bring your own device (BYOD), cloud (including hybrid IT), hyperconvergence, etc. — is placing an ever greater demand on our time and focus, all with limited resources and budget. Further complicating things is that businesses truly no longer have four distinct walls — they’ve become porous, open, and available anywhere, anytime.
With this in mind, it’s easier to understand how, try as we may to avoid it, mistakes happen. The point is that the complexities of modern IT make simple mistakes by IT professionals, made in the course of managing today’s infrastructures, far more likely, and those simple mistakes can have security ramifications.
What can be done? Here are a few tips:
- First, try simplifying IT management, including security management, to reduce the likelihood of mistakes. There’s really no way to get around the increasing complexity of today’s infrastructures; however, using the right tools — such as network, server, application, and database monitoring; virtualization, cloud, and configuration management; and remote support and help desk software — to simplify day-to-day IT management can help prevent mistakes by providing the necessary performance information and enabling simple issue remediation through automation. Tools such as patch management and security information and event management (SIEM) also help to simplify the process of managing the security of infrastructures specifically.
- To prevent the accidental mismanagement of potentially sensitive data, we should also monitor administrator account activity differently from how we watch endusers, and regularly audit how administrator accounts are being used. Through the auditing process, we can ensure sensitive data remains in the right hands.
- We should be cautious in what access and privileges we give contractors and other third-party IT service providers, being careful not to mistakenly place too much trust in them; remember the Target breach? It should be clear what their scope is. They should be monitored extensively, and, if possible, they should be given only limited remote access.
- As for everyone else, we should also assign ourselves low-privilege accounts for day-to-day work, using global administrator privileges only when absolutely necessary.
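Two of the points above, auditing administrator accounts separately and keeping privileged accounts out of day-to-day work, can be turned into concrete checks over authentication logs. The following is an added example, not code from the original article: it reads constructed log lines, ignores ordinary users entirely, flags any interactive privileged login attempt that does not come from an admin jump host, and flags a privileged account that logs in so often in one day that it is evidently being used as a daily driver. The log line format, the "-adm" naming convention for privileged accounts, the jump-host addresses and the daily threshold are all assumptions made for this example.

```python
# Added example (not from the original article): a small audit over
# constructed authentication log lines that treats privileged accounts
# differently from ordinary ones. Log format, the "-adm" naming convention,
# jump-host addresses and thresholds are all assumptions for this example.
import re
from collections import Counter

JUMP_HOSTS = {"10.0.1.10", "10.0.1.11"}     # assumed admin jump hosts
PRIVILEGED_SUFFIX = "-adm"                    # assumed naming convention
DAILY_SESSION_THRESHOLD = 5                   # assumed: this many looks like daily-driver use

# Constructed line format, e.g.
# 2024-03-04T09:12:05Z host=web01 user=jsmith-adm type=interactive src=10.0.5.7 result=success
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"type=(?P<type>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_privileged(user):
    return user.endswith(PRIVILEGED_SUFFIX)


def audit(lines):
    """Return a list of findings. Ordinary user activity is left to the
    general monitoring platform and is not examined here."""
    findings = []
    successes_per_day = Counter()
    for n, line in enumerate(lines, 1):
        ev = parse(line)
        if ev is None:
            # Never silently drop a line the auditor could not read.
            findings.append({"rule": "unparsed-line", "line": n})
            continue
        if not is_privileged(ev["user"]):
            continue
        # Rule 1: any interactive privileged login attempt not coming from a
        # jump host, successful or not, is out of policy.
        if ev["type"] == "interactive" and ev["src"] not in JUMP_HOSTS:
            findings.append({"rule": "privileged-login-outside-jump-host",
                             "user": ev["user"], "src": ev["src"],
                             "result": ev["result"], "line": n})
        if ev["result"] == "success":
            successes_per_day[(ev["user"], ev["ts"][:10])] += 1
    # Rule 2: a privileged account logging in many times a day is probably
    # being used for routine work instead of a low-privilege account.
    for (user, day), count in sorted(successes_per_day.items()):
        if count >= DAILY_SESSION_THRESHOLD:
            findings.append({"rule": "privileged-account-daily-driver",
                             "user": user, "day": day, "sessions": count})
    return findings


# Constructed sample log.
SAMPLE_LOG = [
    "2024-03-04T08:55:01Z host=jump01 user=jsmith-adm type=interactive src=10.0.1.10 result=success",
    "2024-03-04T09:12:05Z host=web01 user=jsmith-adm type=interactive src=192.168.4.22 result=success",
    "2024-03-04T09:13:40Z host=web01 user=jsmith-adm type=interactive src=192.168.4.23 result=failure",
    "2024-03-04T09:20:00Z host=web01 user=jsmith type=interactive src=192.168.4.22 result=success",
    "2024-03-04T10:00:00Z host=db01 user=bchen-adm type=interactive src=10.0.1.11 result=success",
    "2024-03-04T10:30:00Z host=db01 user=bchen-adm type=interactive src=10.0.1.11 result=success",
    "2024-03-04T11:00:00Z host=db02 user=bchen-adm type=interactive src=10.0.1.11 result=success",
    "2024-03-04T13:00:00Z host=db02 user=bchen-adm type=interactive src=10.0.1.11 result=success",
    "2024-03-04T15:45:00Z host=db01 user=bchen-adm type=interactive src=10.0.1.11 result=success",
    "garbage line that the collector truncated",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
```

On the sample log this yields four findings: two out-of-policy logins for jsmith-adm (one of them a failed attempt, which still matters because it shows where the account is being tried from), one unparsed line, and bchen-adm exceeding the daily session threshold from the jump host, which is the pattern of an administrator using the privileged account for routine work. The non-privileged jsmith login from the same workstation is deliberately not reported here; that belongs to enduser monitoring.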
By following these best practices, we can make a tremendous impact on the security of our data centers by reducing the threat and vulnerability created by endusers and even ourselves. With the pace at which the threat landscape is evolving and growing, and with attackers looking for every possible angle to breach a company’s data security, this has to become part of your defense-in-depth strategy.