How Are Security Solutions Becoming More Utilized For The Protection Of Online Data?

July 2018 by Mike Ahmadi, CISSP, Global Director – IoT Security Solutions at DigiCert.

The proliferation of online data has led the entire world of computing down a path of utter reliance on “cloud based” storage. The ubiquity of online data is transparent to many users. If one considers something as basic as a smartphone, it does not take a user long to realize that the inability to connect to the Internet means that their beloved smartphone sheds the vast majority of its usefulness and functionality. Device manufacturers and application developers have quickly learned that building and maintaining content storage and content serving engines that are both robust and secure is a critical part of providing a rich and dynamic user experience to their growing customer base, and that the inability to deliver a consistently rewarding experience to users means losing those users to the constantly growing and evolving competition.

So when one considers how security solutions are becoming more utilized for the protection of online data, one should understand that the term “security” is not simply about keeping bad guys out of places they are not supposed to be, but also (and perhaps predominantly) about securing the continued operation and longevity of the business models that organizations rely on for growth. This is why it is best to consider the classic CIA triad (confidentiality, integrity, availability) when examining this question.

Confidentiality: Simply put, confidentiality is about keeping things secret from anyone who is not authorized to know the secret. This could be anything from financial information, trade secrets, medical data, battle plans…or anything else one would like to prevent others from seeing. With the growth in online users over time it has become increasingly difficult to keep prying eyes off our online data. At one time it was considered acceptable to use “security by obscurity” to protect information, then eventually complex passwords, but today organizations are utilizing HSMs (hardware security modules) with tamper-evident microcontrollers and PKI (public key infrastructure) in order to offer much higher assurance that secrets remain secrets.

Integrity: Integrity is all about making sure the data remains intact and unaltered once it has been created, whether it is moving through networks or at rest in storage. In the days of pencil and paper this was accomplished by keeping copies of information with versioning applied (usually a date stamp sufficed) and cross-checking if a question arose, or simply to make sure nothing was inadvertently altered. With the vast amount of fast-moving data available today in the online world, existing only in bits and bytes on magnetic or logic-based storage media, new methods have arisen (new being a relative term). Today data is “hashed”, meaning it is assigned a value derived from its current composition. If data integrity is questioned, the data can be hashed again and the two values compared: if the data has changed, the hashes will not match, and you know the data integrity has been compromised. Systems also log data access and changes, so failed integrity checks can be more easily traced to the specific moments when the data changed. Additionally, data is often mirrored in real time in case one system fails, and regular backups are taken to allow organizations to go back in time if needed.
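The hash-and-compare check described above, as an added example that is not code from the article or from DigiCert. It records a SHA-256 digest for each item at write time, then re-hashes the items later and reports the ones whose value no longer matches. It also goes one step beyond the paragraph: a plain hash stored beside the data only catches accidental corruption, because anyone who can rewrite the data can recompute and overwrite the hash too, so the manifest additionally keeps a keyed hash (HMAC-SHA256) that cannot be re-created without the verifier's key. The records, the key and the manifest layout are all constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, List

# Constructed sample records, not taken from the article.
RECORDS_AT_REST: Dict[str, bytes] = {
    "invoice-1": b"account=1234;amount=100.00",
    "invoice-2": b"account=5678;amount=250.00",
}
# Constructed key held by the integrity checker. In a real deployment it would
# live in an HSM or key-management service, never next to the data it protects.
KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Plain hash of the current composition of the data. Detects accidental
    corruption, but an attacker who can rewrite the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Without the key a forged record cannot be
    given a matching tag, so deliberate tampering is caught as well."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_manifest(records: Dict[str, bytes], key: bytes) -> Dict[str, Dict[str, str]]:
    """Compute both values for every record at write time."""
    return {
        name: {"sha256": sha256_hex(data), "hmac": hmac_hex(key, data)}
        for name, data in records.items()
    }


def plain_hash_matches(records: Dict[str, bytes], manifest: Dict[str, Dict[str, str]]) -> Dict[str, bool]:
    """Re-hash each record and compare with the stored plain hash.
    compare_digest is used so the comparison does not leak timing information."""
    return {
        name: hmac.compare_digest(sha256_hex(data), manifest[name]["sha256"])
        for name, data in records.items()
    }


def audit(records: Dict[str, bytes], manifest: Dict[str, Dict[str, str]], key: bytes) -> List[str]:
    """Re-hash every record with the key and return the names whose keyed tag
    no longer matches the manifest, i.e. the records whose integrity failed."""
    changed = []
    for name, data in records.items():
        if not hmac.compare_digest(hmac_hex(key, data), manifest[name]["hmac"]):
            changed.append(name)
    return changed


if __name__ == "__main__":
    manifest = make_manifest(RECORDS_AT_REST, KEY)
    # Some time later one record has been altered in storage.
    later = dict(RECORDS_AT_REST)
    later["invoice-1"] = b"account=1234;amount=900.00"
    print("records failing integrity check:", audit(later, manifest, KEY))
```

Running the block prints `['invoice-1']`. The logging the paragraph mentions is what turns that name into an investigation: the audit tells you which record changed, and the access log tells you when and by whom.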

Availability: This is the area where I believe the greatest improvement has happened. Ultimately, not being able to access data when it is needed or wanted is what is likely to have the most immediate impact on online users. The massive increase in bandwidth of data networks, coupled with the growth in speed of computers of all sizes, has led to real-time availability that allows the seemingly impossible to occur. I can take a picture with my phone and have it appear on my desktop and 3 different online storage sites within minutes (sometimes seconds). If I lose my phone or laptop I can restore all my data from online backups by simply buying a new device and authenticating to online servers that will automatically make me whole again. Organizations do not necessarily have to provide all of the methods for ensuring availability themselves; by merely providing an API, they let other organizations get in the game. An example would be Apple providing the capability for Google and Amazon to back up my photos. This allows Apple to give me peace of mind without having to manage all the means of availability.

This is certainly not an exhaustive list, and it is also important to understand that the organizations users choose to do business with in the online world are not necessarily always providing all of these features…nor are they always doing a good job. It remains the responsibility of all of us to do our own due diligence in order to ensure that our online experience remains secure. I do believe we are all getting better at this, but we can always do more.
