Internal Data Loss is Riskier Than You Think

April 19, 2013

In an excellent blog post, Gartner research director Anton Chuvakin poses the question: is an Excel spreadsheet full of credit card numbers on a poorly permissioned internal file share considered a data breach?

Many information security pros and even some DLP vendors would answer “no” because the risk of data loss is implied, not actual.  But I think that is an overly optimistic stance.  To me, this is equivalent to saying, “I know there’s a hole in my roof, but it hasn’t rained in a month, so it’s only an implied risk.”

Anton astutely points out that, in every large organization, you can bet your mortgage on there being unauthorized access to your environment, facilitated by any number of factors including, but not limited to: subpar authentication, BYOD, infected endpoints, or an Active Directory that looks like a rats nest.

Chuvakin says:

 ”The phenomenon of “internally lost data” is way more pervasive than most people think. I’d bet if you think that it is pretty pervasive, then it is EVEN MORE pervasive. Confidential, regulated and “merely” sensitive data on “all access” internal file shares, SharePoint boxes, team web servers, internal blogs, etc is literally all over the place.”

We can confirm this phenomenon as it’s one of the main reasons organizations evaluate Varonis.  We’ve written extensively on the Everyone Problem.  Trust us, this is actual risk.  So what do we do about it?

The Sniff → Scan Approach

Dr. Chuvakin talks about how well the Sniff → Scan approach has worked for some organizations: sniff the network to see what’s leaking and then scan your storage environment to figure out where that data lives:

“[Organizations] first saw *it* on the wire, got mad – and then got curious: just where exactly is it stored internally? “Oh, in 537 different places!”  Next they fought the battle for reducing the internal exposure and then – surprise! – the occurrences of that piece of data being seen on the wire decreased as well…”

The trouble with most DLP solutions that help with data discovery is that, once the data of interest is found, you’re on your own.  There’s no operator’s manual for reducing the exposure in a safe, methodical way without doing collateral damage to the business.  Once you’ve pinpointed where leaky data lives, wouldn’t you love to know: Who can access it? Who’s using it? Who is responsible/is the data owner? How to reduce access down to a least privilege model without cutting off people who need the data to do their jobs?

The only way to answer these questions is to combine other metadata streams with the classification information.  If you’re in the information security space, you’ll start to hear the term Context-Aware Data Loss Prevention, if you haven’t already.  Analysts have begun putting a lot of weight on the ability to determine the context of data and its usage in order to make intelligent decisions about protecting it.

Anton concludes:

“So, if you got [sic] a DLP tool, plan for using its discovery capabilities. Hit those shares, SharePoints, team servers, intranet web sites, etc, etc.  And, yes, you need a process, not just a tool!”

For an in-depth look at the Varonis process for preventing internal data loss, check out ouroperational plan blog series (which starts with data classification).  And if you’re interested to see how the Varonis Data Governance Suite brings context to DLP, let us show you!

Also, have a look at Anton Chuvakin’s blogs here and here.  He’s one of the most entertaining and prolific writers on data protection.

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , , , , , | Permalink
Posted by david ricketts

Determining the Root Cause of a Data Breach With “The 5 Whys”

February 5, 2013

The jarring sound of an iPhone vibrating against a mahogany nightstand at 3:15am.  This can’t be good.  Server down?  Much worse: 50,000 sensitive files have been stolen from a poorly permissioned file server.  First, damage control.  Next, investigation.

Problem: 50,000 files were stolen.

Why?  The files were accessible to everyone in the company, even guests.

Why?  The folder’s access control list was configured incorrectly.

Why?  Chuck the intern configured that file server in 2007 and it hasn’t been reviewed since.

Why?  We don’t have a process to review file system permissions.

Why?  Because manually reviewing every folder’s ACL for problems is like searching for a needle in a haystack…and THERE’S ONLY THREE OF US AND A THOUSAND FILE SERVERS! SHEESH!

This fun little question-asking technique is called The 5 Whys.  It was developed by Sakichi Toyoda at Toyota to determine the root cause—and solution—to any given problem in the manufacturing process.  The technique has been borrowed by coders, sysadmins, and startup founders alike.

See, behind every technical problem is usually a human problem.

On the surface, it seems like the above fictional security incident was technical in nature – the ACL was configured incorrectly.  Deep down, however, the problem was the company’s non-existent entitlement review policy.

The 5 Whys technique encourages us to address the problem on multiple levels: fix the ACL, stop letting interns configure important systems by themselves, and institute a system for performing periodic entitlement reviews.

Sometimes it’s not feasible to immediately address every single problem uncovered, but 5 Whys suggests that if you make a proportional investment in the solution every time an incident occurs, you’ll eventually get to a point where you have an optimal level of protection against a given problem.  In our example, maybe you’d start by piloting entitlement reviews with a small business unit, or review just the super sensitive data sets.

The 5 Whys is an excellent technique for determining root cause so you can take reactive steps to ensure a problem doesn’t happen twice.  In my next post I’m going to talk about a new model for holistically evaluating your company’s risk profile so you can make proactive improvements.

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing | Tagged: , , , , , , , , , , , , , , | Permalink
Posted by david ricketts

The #1 legal concern data security

January 30, 2013

Inside Counsel magazine recently reported that data security is the top issue cited by more than half of in-house lawyers. This was reflected in a conversation yesterday at the IACCM Board Meeting, where both lawyers and non-lawyers highlighted its growing importance.

The Inside Counsel article focuses on the need to understand the nature of the data possessed within a business and then to take steps for its protection. It concentrates largely on worries over regulatory compliance and reporting, so various forms of personal data lie at the forefront of concerns. Since some level of hacking appears inevitable, the advice relates largely to the steps needed to limit potential fines and to eliminate the need for reporting. Much of this revolves around encryption, but also the need to analyze data flows to ensure weak spots are identified.

At the IACCM meeting, perhaps because more of the companies represented are b2b, the focus was somewhat different. For them, data security was also about critical business data – product development, strategic plans, customer records. The concern is more around the exposure that arises from links with trading partners – the extent to which shared systems or information access creates a gateway to wider data loss. The implications of this force companies to consider a wider array of solutions. This includes terms and conditions that commit trading partners to appropriate steps and contain penalties for failure. It often incorporates some right of audit or validation.

But ultimately, terms and conditions are a relatively weak form of protection because the most likely reasons for data security breach are either because  a trading partner lacks size and sophistication, or because it lacks integrity. And these issues will typically be fixed only one of two ways – that is, do the work in-house or select top quality partners who cannot afford reputational damage.

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing | Tagged: , , , , , , , , , , , , , , , , , , , , | Permalink
Posted by david ricketts

Optimising your cloud backup

August 1, 2012

You’re ready to move into the cloud, but before you can get there you actually have to get your data to the cloud. Below are some tips on how you can optimize your first cloud backup deployment.

Backup the Most Important Files First

When you sign up for a cloud backup service, your trusted managed  service provider will have to make an initial backup before they can begin to back up your data incrementally. Depending on the amount of data that is required to be backed up and on the speed of the internet connection, this initial backup can take a long time to complete.

With the first backup taking so long, it is important to prioritize your data. You may want to organize your organization’s operational documents (word processing files, spreadsheets, etc) to be backed up first and have uncommon file types backed up last. Depending on your managed service provider, you may be able to determine which files are used most often in your business and back that up first.

Take Advantage of Bandwidth Throttling

Although your initial backup may take a long time, you don’t want it to affect your network during working hours while people are trying to get their work done via the internet. During the day, you should be able to strike a balance between getting your backups done and having enough bandwidth for the workday. After business hours and on weekends you can increase your bandwidth to focus on your backups.

Deduplication and Compression

It’s best to minimize the data being sent over the wire and to the cloud through deduplication, especially if you’re paying for backups per gigabyte on a monthly basis.

One way to decrease the amount of data being backed up (without sacrificing data protection) is to use de-duplication. When seeking the services of a cloud backup services provider, this feature should be standard. The way de-duplication is performed can often be unique to each managed service provider.

Some providers will only back up each file once and if the same file exists in multiple locations, pointers to the files will be created. Other service providers will provide block-level de-duplication. Rather than skipping duplicated files, the software which powers the cloud backup service will create a checksum for each block that’s being backed up and then uses the checksum value as a way of determining whether a duplicate block has already been backed up.

Keep a Local Copy of Backup Files

It’s important that you continue to store backups on premise – it will always be easier and faster to restore data from a local backup then from the internet. Local backups also allow you to further align the value of data with the cost of protecting it. Using the cloud for backup will allow you to recover in any situation when data loss occurs, but creating a second local backup is best for accidental file deletion or to quickly recover a single server in your network.

For more information or to request a demonstration please visit http://www.c24.co.uk

Leave a Comment » | Managed Service Hosting, Marketing | Tagged: , , , , , , , , , , , | Permalink
Posted by david ricketts

Deduplication and Autonomic Healing Make Data Recovery Fast and Easy

July 10, 2012

A data loss event is the stuff of nightmares for businesses. Something goes wrong – a natural disaster, a server crash, tapes are misplaced – and  crucial information is lost and business continuity is threatened.  Preventing this scenario is one of the main reasons businesses have backup and recovery procedures in place.

Backing up and storing data can have a significant impact on the operation of your IT department – performing backups over the network takes up bandwidth and the backup data  can take up significant storage space. That’s why it’s important to use a backup and recovery solution that provides deduplication, one that supports both local and client-side duplication at the LAN level as well on a global level across all protected sites. The solution should identify duplicate data by looking for the same data queued up for backup more than once and compare the data based on content, so it doesn’t matter if the files have different  names or are stored on different servers. After an initial, full backup, the solution should only transmit new or changed data so it doesn’t negatively affect bandwidth.

By eliminating redundant data, data deduplication optimizes the backup environments, reduces costs and makes recovery faster and easier.

However, data deduplication is just one necessary aspect of your cloud backup and recovery solution. Imagine going through the trauma of a data loss event only to find the data you recovered is useless because it is corrupted. Just when you thought you were out of the  frying pan, you find yourself in the fire.

To  keep that worst case scenario from happening, your backup and recovery solution  needs to perform Autonomic Healing. Autonomic Healing acts as an immune system  for your network by constantly scanning all backup data for corrupted files. This can include corrupted files as well as ones with logical inconsistencies  caused by third-party technologies, such as faulty file systems or network  packet loss.  Before the file can cause  any harm, Autonomic Healing sends notifications so a fix can be applied during  the backup process. Autonomic Healing ensures that backup data is constantly in  a valid state, so when it comes time to restore, you have confidence in the  data.

The only cloud backup and recovery solution that  provides you with both deduplication and Autonomic Healing is Asigra Cloud  Backup™. To find out more information on how Asigra Cloud Backup can ensure you can recover and  restore your data to resume business operations quickly, visit www.c24.co.uk

Leave a Comment » | Application Hosting, Managed Service Hosting, Retail IT Solutions | Tagged: , , , , , , , | Permalink
Posted by david ricketts

Small Business Disaster Preparedness

May 8, 2012

Many small businesses will never recover from disasters, natural and otherwise, and the main reason for this is because business owners didn’t have a plan to recover their business. Many small businesses don’t have a business continuity plan in place to cope with these kinds of event and when they occur, the results can be devastating or catastrophic to life of the business. According to Gartner , 50% of businesses that experience a major disruption ultimately fail.

The most common business disaster is data loss, which can result from a number of causes including human error, hardware failure, natural disaster and theft. Fortunately data loss is easy to recover from if you have a backup solution in place.

  • Familiarize yourself with your data – know what you have, where it is and what is most important.
  • Consider your backup options. Your backup must be offsite, secure and available for recovery 24/7. One popular option that meets the above criteria, with the added benefit of ease of use and automation, is online backup. Other options include tape or backup to external media.
  • If you choose to outsource your backup needs, make sure that you choose a provider that offers security, monitoring and support.
  • Decide who will be responsible for either managing you backups internally or working with your selected provider to get your backup solution carried out.
  • Do a run-through of the recovery process. Backup is nothing without recovery, so be sure that you are familiar with the recovery process and confident that it works smoothly. Your provider should be happy to walk you through a test-recovery procedure.

Review your data regularly to be sure you’re backing up everything you need. For example, if you add a new server in your office, your backup should reflect this addition. This should be done every other quarter if not every quarter.

In the busy day-to-day operations of most small businesses, there is little time for planning for, or even considering the unlikely event of catastrophic technical failure. This is particularly true of small-to-midsize companies that typically have less IT infrastructure in place.

A little preparation could literally save your business!

Here are some of the questions you’ll need to ask yourself when determining whether or not your business is ready to recover from a disaster:

  • Do you perform backups regularly on every server and employee hard drive in your organization?
  • Do you regularly send your data to a safe, off-site archive?
  • Do you have a proven media, drive, software, and automation solution?
  • Does your current backup and recovery system meet your business uptime needs?
  • Do you use backup rotations to provide good versioning?
  • Do you know how fast your data is growing?
  • Is your backup scalable for this data growth?

Some ideas, for more information please contact www.c24.co.uk

Related articles

3 Comments | Application Hosting, Managed Service Hosting, Retail IT Solutions | Tagged: , , , , , , , , | Permalink
Posted by david ricketts

When it comes to backup, recovery is key

October 5, 2011

When it comes to the cloud backup of data, it seems that we’re constantly bombarded by technologies, speeds and feeds, expensive and low cost solutions, and who’s best out there. We all know backup is important, but sometimes I think that because backup is such a main focus for so many vendors, we often forget WHY we backup in the first place. (So now everyone is saying, “to recover data you idiot.” Keep reading…)

When we look at the SMB space, we’re typically looking at an IT staff of one or two people. These people are also heavily over tasked, and backup is just one of the unglamorous and mundane tasks that has to be done. Not only is the IT staff heavily over tasked, more often than not they’re constantly juggling a “break and fix” solution because of being heavily under budgeted. So at 5:00pm every day, IT has to go into the server room/wiring closet and put in today’s backup tape in hopes that a successful backup is completed by the morning. Sounds simple enough right?

Now, everyone’s entitled to a little time away from work now and again. This is where everything that is bad that can happen, WILL. Now that our faithful IT person is away, this usually gets delegated over to the office manager. Prior to taking vacation, there is a quick meeting that takes place to show our office manager where the tapes are, and what to do on a daily basis in order to get our daily backup done.

Unfortunately what that IT person FAILS to do is show our office manager how to RECOVER data and systems should they need to. Doesn’t it make sense that a backup is useless if we can’t recover from it? So how does showing our office manager how to backup protect the business from downtime should there be a data or system loss event? IT DOESN’T! What if our IT person was out for an entire week and the company lost their Exchange, SQL or other critical server on the first day with nobody having the competency to restore it? The company won’t close down until it’s restored, but how are we expected to continue operations?

I hope that if you’ve gotten this far in this story your head is nodding in agreement to some degree.

Now, let’s look at this exact same scenario if our IT staff from the same SMB Company offloaded the mundane task of backup to a service provider. There would be no need to worry about that tape at 5:00pm every day. No need to hope and pray for a successful backup job to be completed the next morning as our service provider monitors this on our behalf. No need to worry about having to go and ask for capital budget because we have out-dated backup hardware. No need to worry about going on vacation (and yes, IT guys worry about things going wrong when they go on vacation), and no need to train non-technical staff to perform technical operations that effectively don’t serve much of a purpose in the absence of the IT people to begin with.

While that IT person is enjoying their vacation, should there be any data loss, or system outage, our trusted service provider is available 24×7 for anyone in your organization to call to enlist their help to recover (yes, they provide those type of SLA’s for you!).The best part of all of this is that it’s all rolled into a low cost monthly service.

Related articles

Leave a Comment » | Application Hosting, Managed Service Hosting, Retail IT Solutions | Tagged: , , , , , , , | Permalink
Posted by david ricketts

Follow

Get every new post delivered to your Inbox.

Join 752 other followers