Sony hack lessons – protect the data, but also software and secret credentials

 


We do not know yet who did it and how they did it. There is suspicion that known malware was used. Software integrity was likely compromised. Attackers might have gotten their hands on some secret credentials to get in.

Being practitioners of data security for large enterprises, though, we often find that even savvy customers sweep very important security issues under the rug, hoping that nobody will notice. That is, until disaster strikes.

It is now obvious to many people that data needs to be encrypted. They therefore deploy solutions that encrypt their databases, data volumes and storage arrays. Is that enough?

As it turns out, it wasn’t for Sony, as witnessed by the vast array of files leaked through file-sharing networks. If only those files had been secured with persistent strong encryption using a solution like CloudLink SecureFILE!

But the problem runs deeper than a simple lack of security for sensitive files. Despite Sony’s apparent lapses in data security, it is hard to imagine that an organization its size didn’t employ any sort of cryptographic protection for its structured and unstructured data. The trouble is that such protection is only as strong as the management of the keys used to perform data encryption.

Let’s consider the case of database encryption. The key used to encrypt the data needs to be placed where only legitimate users can access it. The best place to hide it would be a key manager or some kind of Hardware Security Module (HSM) using strong cryptographic authentication. But wait, before one can even use a key manager or HSM, how does one authenticate to it? Use SSL, you say? But where would one hide the private keys to be used for SSL before connecting to the key manager/HSM? A surprising number of organizations just stick them on local volumes, in cleartext!

There is a multitude of enterprise VMs that use private keys, secret credentials and other valuable bits of data that hackers covet. Think of private keys for SSL acceleration virtual appliances – they are often protected by secret credentials stored right there on the system volume, in the clear. What about firewall virtual appliance rules, IDS configuration files, event logs, message queues, etc.? Even if encrypted, they are still vulnerable if the keys are not fully protected. And this is where the attackers have an opportunity.
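One way to check a volume for the cleartext private keys described in the two passages above is to walk it and classify every PEM key block it contains. This is an added example, not CloudLink code; the names `key_state`, `audit_volume` and `demo` are hypothetical, the sample keys are constructed placeholders, and only PEM-encoded keys are covered.

```python
import os, re, stat, tempfile

# Any PEM private-key block: PKCS#8, legacy RSA/EC/DSA, or encrypted PKCS#8.
PEM_KEY = re.compile(rb"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def key_state(label, body):
    """'encrypted' for a PKCS#8 encrypted label or a legacy OpenSSL Proc-Type header."""
    if label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return "encrypted"
    return "cleartext"

def audit_volume(root, max_bytes=1 << 20):
    """Report every private key under root with its protection state."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue               # skip FIFOs, sockets, devices
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue                   # unreadable: keep walking
            for m in PEM_KEY.finditer(data):
                findings.append({
                    "file": os.path.relpath(path, root),
                    "type": m.group(1).decode(),
                    "state": key_state(m.group(1), m.group(2)),
                    "group_or_other_access": bool(stat.S_IMODE(st.st_mode) & 0o077)})
    return findings

def demo():
    """Audit a constructed sample volume (placeholder bodies, not real keys)."""
    fake = "Y29uc3RydWN0ZWQtc2FtcGxlLW5vdC1hLWtleQ==\n"
    legacy = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    samples = {"tls.key": ("PRIVATE KEY", fake, 0o644),
               "legacy.key": ("RSA PRIVATE KEY", legacy + fake, 0o600),
               "pkcs8.key": ("ENCRYPTED PRIVATE KEY", fake, 0o600)}
    root = tempfile.mkdtemp()
    for name, (label, body, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(f"-----BEGIN {label}-----\n{body}-----END {label}-----\n")
        os.chmod(path, mode)
    return audit_volume(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A passphrase-encrypted key still counts as exposed if its passphrase sits in a configuration file on the same volume, which is the situation the paragraph above describes for SSL acceleration appliances.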

And then there are the applications themselves. While enterprise IT has every right to be proud of its investments in anti-virus and intrusion detection, in the virtual world VMs can be stopped, paused or shut down. When that happens, in-guest antivirus and IDS protections are unavailable. This leaves applications and the operating system vulnerable to attacks that modify configuration files and executables while the defences are dormant.

The moral of the story? It is not enough to secure sensitive data. We also need to secure the credentials and software used to protect data in this age of sophisticated cyber-attacks.

This creates a strong case for encryption of OS boot volumes coupled with pre-boot integrity checks. CloudLink SecureVM was designed to solve the problems described above. By encrypting the entire boot volume in addition to data volumes, it secures all credentials, files and executables while offering centralized control and monitoring of the VM, including pre-boot authentication and software integrity checks.

Perhaps if Sony paid more attention to such details, nobody would have ever noticed the movie that started it all.


We are very pleased to announce that CloudLink has been acquired by EMC Corporation.  EMC is the leader in delivering solutions that enable the world to store, manage and leverage data.  The EMC Enterprise Hybrid Cloud enables customers to deploy IT as a Service quickly and easily.  CloudLink is an award-winning provider of software-based data security solutions for hybrid clouds.  As part of EMC, CloudLink will empower customers to embrace the hybrid cloud while addressing concerns around data security and sovereignty, and maintaining regulatory compliance.

Since CloudLink turned its focus to cloud security more than four years ago, we have been heartened to witness the exponential growth of private, public and hybrid cloud and honored to help our customers embrace this new paradigm.  Our induction into the EMC Select partner program two years ago was both a privilege and an excellent opportunity for us to develop solutions that truly address customer needs.  We are eager to contribute to the customer value EMC delivers through its industry-leading innovation, service and support.

Above all, we’d like to extend our thanks to our customers, partners and employees, as well as everyone who has helped us evolve and innovate.  We are very excited to join the EMC family and look forward to continuing our joint commitment to making hybrid cloud a success. If you have any immediate questions, please do not hesitate to contact us at cloudlinkquestions@emc.com.

Sincerely,

The CloudLink Team
PS Read the story behind the acquisition.
