Symantec’s recent admission that antivirus software is “dead” should sound the alarm for all companies and government agencies: the traditional approach of hardening the network and data centre is growing insufficient, particularly as organisations move their data to cloud-based services and let employees access that information remotely from their personal computers, laptops, smartphones and tablets.
Despite the growing number of high-profile data breaches and the anxiety they cause among organisations, too much information security spending still goes to preventing attacks, and not enough to improving (or simply creating) the capability to monitor information and respond when prevention fails.
The priority must shift from protecting information from the outside in, to securing it from the inside out – an approach called information-centric security.
Think about how radically the business environment has evolved with the advent of cloud computing and the bring-your-own-device (BYOD) trend. It wasn’t long ago that the majority of employees worked at the office and accessed information on servers and computers locked down by IT and behind firewalls, anti-spam and other traditional security solutions that hardened the network perimeter.
Hacker to thief
Years ago, the primary motivation for hackers was bragging rights. They would break through an organisation’s security defences and openly boast about it to their fellow hackers.
Today, cyber thieves typically share the same motivation as the businesses they attack: to make money. Their tactics are more targeted and harder to detect, even for the largest companies with sophisticated security systems and trained personnel in place.
According to a February 2014 report from threat intelligence consultancy firm Risk Based Security (RBS), data breaches in 2013 exposed over 822 million records, nearly doubling 2011, the previous highest year on record.
As workers became more mobile and able to work remotely, first with laptops and then on their smartphones and tablets, IT departments were forced to contend with more devices accessing information stores from outside the network.
Information was still stored primarily on company servers and accessed by logging into a virtual private network (VPN), typically a slow and frustrating experience. Employees could also copy data onto personal devices and USB thumb drives, however, increasing the risk of theft or loss.
The advent of cloud computing services enabled remote workers to bypass the network and VPN entirely. Information now increasingly lives on the public servers of cloud services providers.
A company can realise significant cost savings on infrastructure and IT systems management, and make collaboration among employees in remote offices and traveling all over the globe easier.
However, those benefits can carry a steep price. Network security measures can no longer prevent today’s advanced, targeted attacks. IT does not control the majority of user devices (BYOD) or the cloud services employees use every day, which significantly increases the risk of a data breach. A new security model is needed.
Instead of securing data from the outside in, organisations must adopt an information-centric approach. This requires monitoring where files are kept, how they are used and where they are being sent, in order to prevent a breach.
There is still value in hardening the network and using endpoint security software to try to keep the bad guys out, but those steps are now part of a larger strategy that must address the fact that so much information lives outside the company’s servers and is accessed from so many different devices.
You must know exactly where sensitive data lives at rest. Technologies such as document fingerprinting, pattern matching and keyword dictionary comparisons identify sensitive content wherever it is stored, and can track the genealogy and chain of custody of digital files.
Businesses should also be aware of how their sensitive data is used in motion, which requires pervasive monitoring to identify meaningful deviations from normal behaviour that signal malicious intent. The context to examine includes file location, time of day, the device in use, the source IP address and the reputation of the destination URL.
Content-aware monitoring plus context-aware monitoring is information-centric security: knowing that digital assets are protected against unauthorised use, disclosure, modification, recording or destruction.
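To make the two halves concrete, here is a small, self-contained monitor that combines them. It is an added example, not code from the original article or from any product it alludes to: the "registered" document, keyword dictionary, user baseline and file events are all constructed for the demonstration, and the scoring rules are assumptions chosen to illustrate the idea. The content-aware part fingerprints a known sensitive document with hashed word shingles (so a partial copy is still recognised as derived from it), matches card-number patterns with a Luhn check to cut false positives, and checks a keyword dictionary. The context-aware part compares each file event against the user's normal hours, devices and source addresses and the reputation of the destination, then combines both verdicts into an action.

```python
"""Toy information-centric monitor (added example; all data is constructed)."""
import hashlib
import re
from datetime import datetime

# ---- content-aware: fingerprinting, pattern matching, keyword dictionary ----

KEYWORDS = {"confidential", "internal only", "trade secret"}   # constructed dictionary
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")               # 13-16 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: a digit run that fails it is almost never a real card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Pattern matching with a checksum to reject look-alike digit runs."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [d for d in candidates if luhn_ok(d)]


def fingerprint(text: str, k: int = 3) -> set:
    """Document fingerprint: hashed word k-gram shingles (assumed technique)."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(words) - k + 1)}


def containment(candidate: set, registered: set) -> float:
    """Fraction of the candidate's shingles that occur in the registered document."""
    return len(candidate & registered) / len(candidate) if candidate else 0.0


def classify(text: str, registered: dict) -> dict:
    """Content-aware verdict: lineage, card numbers and dictionary hits."""
    fp = fingerprint(text)
    lineage = {}
    for name, rfp in registered.items():
        score = containment(fp, rfp)
        if score >= 0.5:                    # assumed threshold for "derived from"
            lineage[name] = round(score, 2)
    return {"lineage": lineage,
            "cards": find_card_numbers(text),
            "keywords": sorted(k for k in KEYWORDS if k in text.lower())}

# ---- context-aware: deviations from each user's normal behaviour ----

BASELINE = {  # constructed profile, as if learnt from past activity
    "alice": {"hours": range(7, 20), "devices": {"LAPTOP-A17"}, "ips": {"203.0.113."}},
}


def context_flags(event: dict) -> list:
    """Return the contextual anomalies seen in one file event."""
    prof = BASELINE.get(event["user"])
    if prof is None:
        return ["unknown user"]
    flags = []
    if datetime.fromisoformat(event["time"]).hour not in prof["hours"]:
        flags.append("off-hours")
    if event["device"] not in prof["devices"]:
        flags.append("unmanaged device")
    if not any(event["ip"].startswith(p) for p in prof["ips"]):
        flags.append("unusual source ip")
    if event.get("dest_reputation", "good") != "good":
        flags.append("low-reputation destination")
    return flags


def assess(event: dict, registered: dict) -> dict:
    """Combine content and context into an action (assumed policy)."""
    content = classify(event["content"], registered)
    context = context_flags(event)
    sensitive = bool(content["lineage"] or content["cards"] or content["keywords"])
    action = "block" if sensitive and len(context) >= 2 else "alert" if sensitive or context else "allow"
    return {"action": action, "content": content, "context": context}

# ---- constructed sample data ----

FALCON_DOC = ("Project Falcon pricing model. Internal only. Per unit cost is 42 dollars "
              "and margin target is 35 percent for the EMEA launch in Q3.")
REGISTERED = {"falcon_pricing": fingerprint(FALCON_DOC)}

EVENTS = [
    {"user": "alice", "time": "2014-05-10T02:14:00", "device": "iPad-personal",
     "ip": "198.51.100.7", "dest_reputation": "poor",
     "content": "FYI (internal only): per unit cost is 42 dollars and margin target is "
                "35 percent for the EMEA launch in Q3. Card on file 4111 1111 1111 1111."},
    {"user": "alice", "time": "2014-05-12T10:05:00", "device": "LAPTOP-A17",
     "ip": "203.0.113.42", "dest_reputation": "good",
     "content": "Lunch menu for Monday: soup and salad."},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["time"], assess(ev, REGISTERED))
```

The first event is blocked: the text is a partial copy of the registered pricing document, carries a card number that passes Luhn and a dictionary keyword, and is sent at 02:14 from an unmanaged device and an unfamiliar address to a low-reputation destination. The second is allowed because neither the content nor the context deviates from normal. In a real deployment the baseline would be learnt per user and the fingerprints registered automatically as documents are classified; the point the example makes is that neither half alone would have been enough to tell the two events apart with confidence.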
Traditional antivirus software may not be entirely dead, but the practice of solely relying on it to protect data stores is.
It simply cannot keep the bad guys out, and once attackers do break through the network defences they can sit quietly for months or even years stealing data before they are discovered and the damage is done.
The fact that organisations are moving more information to cloud or SaaS-based services, and permitting employees to access that information from their own devices, makes an attacker’s job easier and increases the risk of accidental loss or deletion by a well-meaning employee.
Instead of fighting to keep the attackers out and prohibiting the use of cloud computing applications, or forcing employees to use IT-issued laptops and smartphones, CIOs should consider adopting an information-centric approach that enables real-time monitoring of data at rest and in motion, to better protect against a breach.