Breaking into the Vault
Every so often, an article will appear with a title along the lines of “Customer data stolen from Corporation X – thousands of records released”. The article will then go on to explain the type of data, whether it was encrypted, and the means by which it was taken (for example, a hard drive was stolen, but the drive was encrypted, and it only contained mailing addresses).
As a business owner, these articles should be of major concern. Your clients entrust you with some of their information, starting with their contact information. That trust can prove to be fatal to your business if you don’t take the proper precautions to prevent the data from falling into the wrong hands. The problem, however, is that you do need to be able to use the information, as do your employees.
The question then is, how can you balance the need to access secure information against the need to secure the information against access?
The first model of protection is to place the data in a location that is difficult to access. This is similar to the construction of a moat around a castle, placing slits for archers in the outer walls. The idea here is to make it as difficult as possible for someone to get into the castle, or, in the case of your data, as hard as possible to reach the files.
The problem, however, is this: what if an attacker does manage to get into your castle?
Preventing escape is a little different. I’ve walked around a few castles, and one of the things I’ve noticed is that there are rarely any direct routes out of the castle. It’s easy to take a wrong turn and spend ten minutes figuring out where you are. Those familiar with the castle can quickly cut off escape routes, preventing items from leaving the secured location.
Your data is no different. You can design your security in such a way that removing it becomes a time-consuming process for anyone unaware of the proper ways to do it. This won’t hamper your employees, who know how to access the information, but for someone trying to hack their way out it can be made as confusing as navigating the outer walls of a castle.
There’s still a problem, however, in that there is still a legitimate route in and out, and often it is not an outsider who leaks data, but an (ex)employee.
The last step is to track all legitimate access to secure data. Every id that can access your data should be owned by a single person, and every time data is accessed, a note should be made elsewhere of the time and date of access, the user who accessed it, and where the access was done from. This access record should not be accessible to any of the users of the system, and should be backed up independently on a regular basis.
In this case, the message being sent to those with legitimate access is that you might not be able to prevent them from taking the information, but if their id is used to do something like that, you’ll know about it.
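The access-tracking step above, as an added example that is not part of the original article: a hypothetical store that records every read (time, user, origin, record) in a separate audit sink, plus a check that applies the one-id-per-person rule by flagging an id used from two different places within a short window. The ids, addresses and records are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed, hypothetical example: a store that records every read in a
# separate audit sink (here a list; in practice a write-only channel that the
# system's users cannot read and that is backed up on its own).

@dataclass(frozen=True)
class AuditEntry:
    at: datetime   # when the access happened (UTC)
    user: str      # individual id, one person per id
    source: str    # where the access came from (client address or host)
    record: str    # which record was read

class AuditedStore:
    def __init__(self, records: dict, audit_sink: list):
        self._records = records
        self._audit = audit_sink  # held separately, never returned to callers

    def read(self, user: str, source: str, key: str, now: datetime):
        # Record first, so a read of a missing record is still noted.
        self._audit.append(AuditEntry(now, user, source, key))
        return self._records.get(key)

def shared_id_alerts(entries, window: timedelta):
    """Return (user, source_a, source_b) for ids used from two different
    sources within `window`: a sign the id is shared or stolen."""
    by_user = {}
    for e in entries:
        by_user.setdefault(e.user, []).append(e)
    alerts = set()
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.at)
        for i, first in enumerate(evs):
            for later in evs[i + 1:]:
                if later.at - first.at > window:
                    break
                if later.source != first.source:
                    alerts.add((user, first.source, later.source))
    return sorted(alerts)

def demo():
    audit = []  # the audit sink, kept out of the store's data API
    store = AuditedStore({"acct-1": "Alice Example, 1 Main St"}, audit)
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    store.read("jsmith", "10.0.0.5", "acct-1", t0)                           # normal
    store.read("jsmith", "203.0.113.9", "acct-1", t0 + timedelta(minutes=2))  # same id, new place
    store.read("mjones", "10.0.0.7", "acct-1", t0 + timedelta(minutes=5))    # another person
    return audit, shared_id_alerts(audit, timedelta(minutes=10))
```

The audit list is what an administrator reviews, not something the data API hands back to its users; in a real deployment it would be written to a separate, independently backed-up location.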
When protecting data, you need to have all three elements of defense. You need to make it hard to get in, hard to get out, and hard to do either anonymously. A failing in any one of those three areas can expose you to risk of losing both your clients’ data and their trust.