One of the biggest data breaches of all time occurred not by a malicious external actor, but by IT contractor Edward Snowden, who was able to take privileged information from the National Security Agency (NSA). The fact that Snowden had access is not a unique problem for the NSA, according to a new study sponsored by security firm Vormetric.
“One of the big revelations in the survey is that 73 percent of respondents said they don’t block privileged users from access to sensitive data,” Vormetric CEO Allan Kessler told eWEEK.
The Vormetric-sponsored study was conducted by Enterprise Strategy Group and surveyed 700 IT security decision makers. Fifty-four percent of the survey respondents also indicated that it is now more difficult to protect against an insider threat than it was two years ago. There are several reasons for this, according to Kessler, among them being the growing use of cloud computing and virtualization. Contractors are also a particular challenge. Kessler noted that Snowden was a contractor and he had tremendous access to data.
“The fundamental problem is that the folks that have access to manage an internal system have incredible amounts of privileges,” Kessler said.
He added that system administrators need to have privileged access to be able to manage servers and big data stores.
“However, very few organizations realize that they can keep privileged users from seeing data and still allow them to do their job,” Kessler said.
The growing use of the cloud exacerbates the issue of privileged users. Kessler noted that when an enterprise puts its workloads in the cloud, those same privileged users can also see data and can potentially do damage.
Role-Based Access Control
The idea of role-based access control (RBAC) is one that has existed for decades in IT and still serves a core role in security information.
Most Organizations Fail to Protect Confidential Data: Report
In the modern era, Kessler noted, the traditional network perimeter is dead and it is exceedingly difficult to prevent bad actors from getting into an organization. The real question for Kessler is not about preventing attacks, but about reducing the attack surface and minimizing the risk from exploitation.
“Having a policy-based approach that protects the data can significantly reduce the attack surface,” Kessler said. “Using policy to determine who can see the data is something in which we believe.”
There are some challenges with implementing proper policies for data protection, a key one being the fact that many organizations simply do not know that policy-based access can be implemented in the first place, he said. Encryption also plays a role in data protection.
There are multiple technology solutions to the problem; one of them is Vormetric’s Data Firewall.
“We have a data firewall that sits on top of the data and then talks to a policy manager,” Kessler said. “If anyone tries to access data on the server, the firewall checks to see if the user has the policy access to be able to see the requested data.”
The system has multiple layers such that the user could be granted access to see the metadata but not the complete data set. So if a user who is only authorized for metadata attempts to view privileged data, the privileged data is encrypted.
The data firewall can also control what a user is able to do with data. For example, a root system user can be limited in terms of the actions that can be taken.
“It’s a very strong control that can reduce the attack surface,” Kessler said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.