    Enterprises Must Encrypt Data, Segment Networks to Thwart Hackers

    Written by

    Wayne Rash
    Published June 9, 2015

      Oxon Hill, MD— It should be no surprise when marketing executives for security vendors say that whatever it is their company sells is the best way to bolster data security. That is, after all, their job.

      That view certainly prevailed at the Gartner Security and Risk Management Summit held at Gaylord Convention Center just outside the Capitol Beltway that encircles Washington, DC.

      And as you’d also expect, the topic that came up in every conversation even vaguely related to security was the recent data breach disclosed by the Office of Personnel Management. On June 4, the OPM disclosed that hackers had made off with millions of personnel records of government employees and others, including contractors with security clearances. Since nobody actually knows any solid details about what happened, speculation ran rampant.

      Fortunately, I was able to find some serious security researchers at the event — people who were quietly advising some of those three-letter agencies at the capital that we expect are able to keep confidential data from being leaked or stolen. Their views were much different.

      “This is why we need a new paradigm,” Jasper Graham said as we talked in his hotel suite far from the crazed goings-on at the Gartner event. Graham, who is senior vice president of cyber-technologies and analytics for Darktrace and formerly a National Security Agency cyber-security expert, said that the industry needs to abandon the idea that perimeter defense of the enterprise is enough.

      “You might be able to keep out 90 percent,” he said, referring to the number of people trying to break into an enterprise network, but he said that the remaining 10 percent are smart and motivated, so inevitably they will find a way to get into your network.

      Because keeping hackers out of your network is essentially impossible, what enterprises must do is find ways to make their valuable data inaccessible or useless, or preferably, both. This is the reason that hackers were able to penetrate OPM, as well as Target, Sony and Anthem, he said. Those networks, he pointed out, were not segmented and their critical data wasn’t encrypted.

      Sadly, there are worse problems than just limiting security to perimeter defense. Torsten George, vice president of marketing for Agiliance, shook his head in dismay as he told me about a company that asserted it didn’t need any sort of cyber-security protection.

      “They said they had cyber-insurance, and that was enough,” he said. I asked him if that company’s cyber-insurance was going to cover the company’s drop in valuation or the firings of the company’s CIO and CSO when the board found out why any hacker was certain to be successful.

      What was equally interesting was that none of the experts I spoke with at the event was willing to point a finger at OPM itself. The problem of revising a records management system as huge as the personnel records at OPM is daunting and expensive in the extreme.

      Agencies are caught in a continuous battle to get the budgets necessary to do their jobs. Complicating matters, the hardware and software in use at many agencies are antiquated, and updating them using the existing federal procurement rules can be nearly impossible.

      Add to this mix the tendency in Congress to decide to simply cut the federal budget by some random percentage and you’ve got a situation in which adequate security is at best a wish experienced in a fevered nightmare. Instead, federal IT staffers are forced to make do with long-outdated equipment that’s frequently incompatible with anything else in the data center.

      When federal IT managers find that some action, such as greater security, is mandated, they often have to choose which other functions they’re going to shut down because they don’t have the funding to do everything they’re required to do.

      The situation with the OPM breach is a good example. The Department of Homeland Security has announced that it’s going to request from Congress the money necessary to find the reason for the recent attack and then fix it.

      What this means, if you’re familiar with federal procurement, is that Congress has currently appropriated no money for security upgrades and none for the task of forensic analysis so that managers can figure out how the attack happened.

      Fortunately, private industry doesn’t have to depend on Congress to behave responsibly. But it does have to depend on boards and top managers to believe that bolstering data security should be a priority.

      Some companies are, in fact, doing this. For this reason, for every Anthem Blue Cross that doesn’t segment its network and encrypt sensitive data because it’s not legally required to do it, you have a company such as Carefirst Blue Cross that does it anyway.

      This is why when Carefirst Blue Cross was hacked, little was lost, unlike Anthem, where everything was taken. Both companies still had to tell their customers about the hack, but only Carefirst was able to tell its customers that there was little chance of identity theft.

      Now, when those security experts talk about how security can be done right, they have a good example and a bad example. One wonders how the company with cyber-insurance might feel if they were routinely called out by their colleagues as the bad example.

      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.
