How to protect your Crown Jewels while working remotely

The Crown Jewels, part of the Royal Collection, are the most powerful symbols of the British Monarchy. They are housed in the ‘Jewel House’ vault at the Tower of London. Ever since attempts were made to steal the Crown Jewels, their security has been tightened.

Conventional methods of protecting the Crown Jewels are not sophisticated enough to stop highly motivated adversarial threats. Let’s take a closer look at how these jewels are protected.

They are protected by bombproof glass and are closely watched by more than 100 hidden CCTV cameras. The security as a whole is provided by a 22-strong Tower Guard. Thus, they receive a double layer of protection.  

Sometimes the Crown Jewels are removed from the Tower for state events and are escorted by the Jewel House Wardens, effectively travelling in a mobile Jewel House.

Remote workforce has left the ‘Crown Jewels’ of an organization exposed

Mission-critical intellectual property is an organization’s ‘crown jewels’ and would cause major business impact if compromised. However, the recent Covid-19 pandemic and its consequent economic shutdown have transformed the way we work.

Organizations have been forced to work remotely, and this creates a lot of new issues around access and security. The work-from-home mandate in many states has created more openings for potential data leaks.  

While adding more security staff may moderate network-level breaches, it still does not fully address the issue of data loss. Surprisingly, it is now known that data theft occurs from within an organization, carried out by its employees or other insiders.

Working from home may embolden employees to be lax with company information. The drive to hire more security analysts is based on the belief that more guards will ultimately protect from outside invasions. This may not be the best strategy if you are vulnerable from within.  

When the pandemic is over, remote work will still increase in popularity due to societal and economic factors. Many companies are poised to capitalize on the boom in cloud technologies with the expectation that it will not only offer cost savings but also reduce the security burden.  Presumably, the cloud would better control external access, but so far this has not been proven.  

Is an Outside-in approach enough to protect your Crown Jewels? 

Information security is a complex subject, and the market for solutions is just as complex, divided into segments such as identity access management, infrastructure protection, and security services. On a macro scale, none of these pertains to the data directly, only to the things that surround it. The market is thus geared to an external rather than an internal approach to data protection.

The security market has a whole new sector aimed at fixing problems after they occur, rather than preventing them. There is growth in new consulting businesses with specialties in “Computer Forensics”, “Data Breach”, and “Digital Forensics”.

Some of these businesses offer answers to questions such as:

  • “Was an electronic document altered?”
  • “Did someone download illegal material?”
  • “Was important information accidentally deleted?”
  • “Did a disgruntled employee email your trade secrets to a competitor?”

These are questions that would not need to be asked if the security system prevented such incidents in the first place.

Interestingly, had Microsoft and other pioneers built security into the file system from the start, we might not be building so many forts today. The new security designs (and their administration) are still largely focused on the large-scale outside-in approach.

Understanding the Crown Jewels of Data Security 

Only recently have people realized that a data-centric approach is simpler and most effective, much like the protection of the Crown Jewels. You still have the external fort, but there is another fort within the fort, and within that are secure display cases holding the jewels.

Into this modern setting enters the concept of EDRM, “Enterprise Digital Rights Management”: a set of access control technologies that restrict the use of proprietary hardware and copyrighted works. This concept extends to proprietary corporate documents such as reports, financial records, etc.

EDRM technologies are not defined by standard user verification and network access, but are instead more record-specific. This is again like the Crown Jewels analogy, where there is an internal shell within the outer protective wall.

With permission, the public can have access to view the jewels, and others can touch them. Perhaps new jewels can be added if the Queen so decides. With EDRM, the virtual jewel house is mobile, as are the guards.

Just as you can’t walk by the Crown Jewels and grab them, Microsoft’s AIP (Azure Information Protection) and Office 365 are aligned with the Zero Trust security architecture. Security is now at the data level, effectively making a Jewel House for information.

Protecting your SAP and CAD Crown Jewels with a Zero Trust Approach

However, these jewel houses do not build themselves and must be made application-specific. To meet this need, SECUDE is partnering with Microsoft and SAP to provide Zero Trust security for data extracted from SAP systems. SECUDE’s HALOCORE provides this control.

Similarly, CAD (Computer-Aided Design) software, used in almost all manufacturing and design businesses, does not currently have built-in Zero Trust security. Data files are often shared between businesses with an implicit (but not guaranteed) security control, typically perimeter control. If there is a perimeter breach, designs may be stolen or copied fairly easily.

SECUDE’s HALOCAD provides add-in software for the major CAD vendors’ products so that they are compliant with Zero Trust methodology using Microsoft Information Protection. If the files are stolen, they will be useless due to encryption.

While work-from-home seems a feasible solution for businesses, they have to ensure that their crown jewels are well-protected at an application level. This will ensure that their information is safe even though it is remote. 

To know more about how SECUDE can help you protect your SAP Crown Jewels, contact me at

James Walker
Technical Account Manager
SECUDE IT Security, LLC