Standing up to internal hijackers

Organisations of all sizes are beginning to amass huge amounts of electronic information as a result of corporate data requirements soaring, rocketing e-mail usage and a deluge of new laws and regulations. As a result, firms are having to find new ways of storing this data. For many, that means turning to networked storage architectures. The business benefits of implementing Storage Area Network (SAN) solutions include better utilisation of data storage assets, the ability to scale for meeting future needs and improved operational efficiency.

However, the advent of networked storage as a mainstream solution for the data explosion has also created new security challenges for the IT and security manager. Traditionally, the security of stored data was viewed very much as a data centre problem, primarily because – until fairly recently, at least – all data storage devices had to be located in close proximity to a server, constrained as they were by relatively short cable connections. Of course, a major advantage of this arrangement was the fact that every scrap of information was protected by the physically secure environment of the data centre.

As networked storage has freed data storage devices from the server, allowing them to be physically distributed across the networked storage environment, so the stored information has consequently become more susceptible to attack.

While data centres functioned as ‘guardians’ for the stored data, limiting access to it and securing it from prying eyes, this is not typically the case with a SAN.

Implementing SAN for businesses

One of the primary benefits of SAN implementation – ie the ability to centralise data storage devices into one single, seamless pool which can then be allocated on an ‘as and when’ basis – is also its major downfall in security terms.

The SAN was designed to provide an architecture which delivered masses of data quickly and efficiently, but one side effect of this is that there was little or no security in place to protect the data stored on the SAN from intrusion (as security meant slowing things down). This resulted in all of the corporate data being centralised into a single pool of data whereupon any data centre professional who had to manage the data storage device also had access to the data being stored.

The problem is exemplified when you look at IT professionals who have traditionally had to have certain ‘root’ privileges in order to manage and configure systems, or to perform necessary maintenance (such as back-ups and adding patches). Until recent innovations in security technology, this meant that those individuals were, by extension, able to view all the data managed by these systems.

In today’s enterprise environment, a single security breach can compromise millions of confidential, sensitive and private records. The first step towards successfully ensuring that stored data is secure is recognising which corporate data is essential to a company’s reputation – a breach can cost millions in revenue terms, while also leading to loss of reputation and lessening customer confidence. The challenge, therefore, lies in translating this into a technological solution.

While most blue chip concerns are ‘techno savvy’ enough to install security measures that prevent external attacks (ie firewalls), many are doing little to avoid breaches from within. In light of The Gartner Group’s recent estimate that as many as 70% of unauthorised attempts to access private data originate from within an organisation, this lack of defence would seem to represent a significant oversight.

Limiting access to data

The client’s problem can be solved by a system architecture solution which limits user access to stored data as well as encrypting it.

While most blue chip concerns are ‘techno savvy’ enough to install security measures that prevent external attacks (ie firewalls), many are doing little to avoid breaches from within

While the limits should ensure that access is prohibited to non-authorised users, should any data become available to an unauthorised third party the encryption ensures that it cannot be read or manipulated to damage the client’s business. Of late there has been a spate of high profile cases demonstrating such issues, including a recent example highlighted in the national media in which a customer database and access codes to the supposedly secure Intranet of one of Europe’s largest financial services groups was left on a hard disk offered for sale on e-Bay… and which was subsequently bought for just £5.00.

Another example epitomises the warnings that the threat is just as significant from those inside an organisation. In this case a part of the major disk system in a large financial house was affected, and data couldn’t be accessed.

As is the accepted process in most large organisations, the back-up tapes were brought in and the operations staff left to get on with the restore. All seemed to be going well until, soon afterwards, one member of staff failed to turn in for work at the same time as significant amounts of money began to disappear into a new account on the system!

On closer investigation, it appeared that the individual in question had created an extra set of back-up tapes for his own use, which had then been taken off-site and the data manipulated. When the ‘disk failure’ occurred, the data restore substituted the manipulated tapes for the ‘real’ ones, creating a new account and filling it with funds from several others. This breach was detected reasonably quickly as a tide of account queries flooded in but, even so, significant amounts of money had already disappeared into an overseas account… and the person responsible had followed it.

Had the data been encrypted this scam wouldn’t have been possible.

New encryption technologies

Traditionally, encryption was undertaken in the server which meant that, as the volume of data increased, so the server had to dictate more of its processing power to the encryption function (to the detriment of any applications that are already running).

The new generation of encryption technology takes this role away from the server and places it onto the SAN where, because of extremely fast hardware implementations, the minor effect on performance duly passes by almost unnoticed.

Add that to sophisticated controls which limit who can ‘see’ the data and you have the first effective solution for securing data in a networked storage environment.

In any multinational corporation there can be as many as 500 or more individuals able to access that company’s electronic information. Odds are that one of them will have a bone to pick. And that one person could have a potentially disastrous impact on a corporation’s reputation and – more importantly – it’s revenue. Don’t let it be your company that suffers.