Management Musings 2: Protecting evidence at the scene of crime
How do you save the footprint of the thief who tries to steal your data?
Remember the names?
I would like to continue my train of thought from the previous post, which was about why we should pay attention to data-centric security and why perimeter defenses are not bulletproof, as we see security breached almost every day. We all know about the administrator’s skeleton key that gives access to pretty much everything. Remember Edward Snowden, who stole an enormous trove of highly sensitive data and got it published by the press? Well, he was an administrator with all access rights. Remember Chelsea Manning? In neither case was there any hint of theft until the papers went gaga over the leaks.
In a similar vein, who was responsible for the theft of customer data from Swiss, Panamanian and Liechtenstein banks? All administrators. Those guys had the power to change the offshore banking world and to make Switzerland surrender its best money-making machine for generations. Why was the banking management so oblivious to the dangers lurking right under their nose in the IT department, at the lower level of the totem pole? It’s really a crazy story.
Read the previous blog by Dr. Heiner Kromer here.
Erasing the footprints
The problem is that manipulations from within are difficult to spot because the thieves’ footprints – the log files – can not only be manipulated but also wiped. Forensics are stymied. Even if the theft is found out later, the damage is already done. What’s needed is an alarm bell that goes off when logs are manipulated. Can you protect evidence?
That log files are extremely important is well understood in our security market, and needless to say there is awareness. However, is something being done about it? I have spoken to quite a few CISOs and CIOs. They admit it’s a problem but are rather reluctant to discuss it. If they admit openly that it is a security risk – and do nothing about it – it’s like putting one foot into a legal bind for negligence on the job. So, better to keep it off the radar. “Zero trust” must include challenging the power (access to secrets) of the administrator.
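As an added illustration of the “alarm bell” this section asks for (example code, not the post’s or HALOCHAIN’s method), here is a minimal hash-chained log in Python: every line commits to the line before it, and the latest chain head is assumed to be copied to a store the administrator cannot write to, so an in-place edit, a truncation, and even a full rewrite with recomputed hashes are each detected.

```python
import hashlib

GENESIS = "0" * 64  # constructed placeholder: chain head before the first entry

def entry_hash(prev_hash: str, record: str) -> str:
    """Hash of one log line, bound to the hash of the line before it."""
    return hashlib.sha256(f"{prev_hash}\n{record}".encode()).hexdigest()

def append(chain: list, record: str) -> str:
    """Append a record with its chained hash; return the new chain head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"record": record, "hash": entry_hash(prev, record)}
    chain.append(entry)
    return entry["hash"]

def verify(chain: list, anchored_head: str) -> list:
    """Return findings (empty list = intact). anchored_head is the last head
    that was copied off-host, beyond the administrator's reach (assumption)."""
    findings = []
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry_hash(prev, entry["record"]) != entry["hash"]:
            findings.append(f"entry {i} modified or reordered")
        prev = entry["hash"]
    if prev != anchored_head:
        findings.append("head mismatch: entries deleted or log rewritten")
    return findings

def tamper_scenarios() -> dict:
    """Constructed audit trail, then three ways an insider might cover tracks."""
    records = ["09:01 admin login", "09:02 export customers.csv", "09:03 logout"]
    chain = []
    for rec in records:
        head = append(chain, rec)
    results = {"intact": verify(chain, head)}
    # 1. Edit the incriminating line in place, leaving the stored hash alone.
    edited = [dict(e) for e in chain]
    edited[1]["record"] = "09:02 viewed dashboard"
    results["edited"] = verify(edited, head)
    # 2. Delete the trailing entries (or wipe the file entirely).
    results["truncated"] = verify(chain[:1], head)
    # 3. Rewrite the line and recompute every hash: only the off-host head gives it away.
    rewritten = []
    for rec in ["09:01 admin login", "09:02 viewed dashboard", "09:03 logout"]:
        append(rewritten, rec)
    results["rewritten"] = verify(rewritten, head)
    return results
```

The third scenario is the one that matters against an administrator with full access: the chain alone cannot catch a consistent rewrite, only the head kept out of their reach can.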
Beyond the Blockchain
I have been thinking about this problem for some time and have asked my R&D management to solve it by leveraging Blockchain technology. Why Blockchain? I am not sure. Probably, I succumbed (a bit) to the Blockchain hype. Anyway, our R&D team tried and admittedly got nowhere. I consulted Blockchain experts across industries to figure out how to overcome the technical issue we saw. No dice. It was a two-year odyssey to no avail.
Then we looked beyond Blockchain and had the Aha(!) moment. There is a better and more efficient solution at greatly lower cost and with much less complexity, which led to real innovation and to our HALOCHAIN solution. How did we solve it? That’s for the next time.
In the meantime, I would like to hear from you if log file security resonates with you. Our technical experts can show you how to bulletproof your log files.