Maybe he became reckless. Although he must have tried to erase his tracks, a team of digital forensic experts revealed the identity of the intruder. It was Kenneth, a former contractor who was hired by the IT department to advise on the upcoming database migration. Kenneth turned out to be a smart guy. It also turned out he misused his expertise to read documents containing information about pending mergers and acquisitions. Top secret! He leaked this information. However, not without a trace…
# Only one entrance
It is an important design principle: ensure there is only one entrance that everyone must pass through. This principle ensures unauthenticated access is out of the question. To access any information – stored in files, emails or on the web – users are required to identify themselves and provide their credentials. Implementing this design principle allows you to determine who is accessing your unstructured data. And it is important to do so.
# Ensure there is only one entrance all persons must pass through!
Although not trivial, it is possible to implement the principle of having only one entrance. What is more difficult is determining whether someone who enters the system can access only the information he is allowed to. Organizations have focused on storing and sharing information for years. By itself, this is a good thing. Unfortunately, it has led to a loss of control over huge amounts of data. Many have ended up with complex authorization structures and lost insight. Business information could be at risk.
# Find where your sensitive data reside
No insight into what information is confidential. No insight into where confidential information is stored. No possibility to report on who has access to what documents. Many organizations experience these problems. They are not to blame. Security was not top of mind in digital information sharing. Some years ago, no one realized file shares could grow to gigabytes in size and become business critical.
Risk mitigation starts by finding out where your sensitive data reside. It continues by enforcing access restrictions on them. It ends with a cleaned-up and secure environment. Both auditors and employees receive the insight they need: the former to verify that the system is indeed secured, the latter to help them easily find and access the information they are interested in.
# Identify who has access to it
Catching the former contractor was only possible because monitoring was in place. The company was very well aware of the complexity of its information-sharing infrastructure. In order to get back in control, the organization installed monitoring software. This allowed them to identify who accessed what files. After the fraud was discovered, it was a matter of inspecting the audit log to find out who had access to the leaked information. Apart from the people from the finance department, it was Kenneth who accessed these files. He got caught.
# Monitoring fits in a continuous learning solution to discover who uses what data.
Retrospective investigations are not the only thing that benefits from monitoring. Monitoring fits in a continuous learning solution to discover who uses what data. By analyzing who the regular users of a specific set of files are, it is often possible to determine who the owner is. This allows determining who should and should not have access to these files. Finally, this knowledge should be translated into access controls to restrict access to overly exposed files.
# Not without a trace
They may try to intrude into our systems. They may even succeed in doing so. However, they should never enter and leave without being identified: no intruder gets in without authenticating. They may intrude into our systems, but they will never leave anonymously. Not without a trace!
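
The audit-log analysis described above (who touched the leaked file, who the regular users and likely owner of a share are, and which access is over-exposed) can be sketched as follows. This is an added example, not code from the original article or from any monitoring product; the event format, the share and file names, the user names other than Kenneth and the 15% threshold are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample audit events: (user, share, file). Not real data.
EVENTS = (
    [("alice", "finance", "merger_plan.docx")] * 3
    + [("alice", "finance", "budget.xlsx")] * 2
    + [("bob", "finance", "merger_plan.docx")] * 2
    + [("bob", "finance", "budget.xlsx")]
    + [("carol", "finance", "budget.xlsx")] * 2
    + [("kenneth", "finance", "merger_plan.docx")]
)

# Constructed ACL: share -> users currently allowed to read it.
ACL = {"finance": {"alice", "bob", "carol", "kenneth", "dave"}}


def who_accessed(events, share, filename):
    """Retrospective question: every user who touched one specific file."""
    return sorted({u for u, s, f in events if s == share and f == filename})


def analyze(events, acl, regular_share=0.15):
    """Per share: likely owner, regular users, and access worth reviewing."""
    per_share = defaultdict(Counter)
    for user, share, _file in events:
        per_share[share][user] += 1

    report = {}
    for share, allowed in acl.items():
        counts = per_share.get(share, Counter())
        total = sum(counts.values())
        # Regular users account for at least `regular_share` of all accesses.
        regular = {u for u, n in counts.items() if n / total >= regular_share}
        # Most frequent accessor; sorted() makes ties deterministic.
        owner = max(sorted(counts), key=counts.__getitem__) if counts else None
        report[share] = {
            "likely_owner": owner,
            "regular_users": regular,
            "occasional_users": set(counts) - regular,  # review these accesses
            "unused_access": allowed - set(counts),     # candidates to revoke
            "not_in_acl": set(counts) - allowed,        # accessed without grant
        }
    return report


if __name__ == "__main__":
    print(who_accessed(EVENTS, "finance", "merger_plan.docx"))
    for share, result in analyze(EVENTS, ACL).items():
        print(share, result)
```

The likely owner is only a starting point: that person confirms which of the occasional and unused entries should keep access before the ACL is tightened.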