Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Data Governance Key In Prevention Of Breaches

Varonis Systems : 25 July, 2011  (Technical Article)
Varonis comments on the Department of Defence data breach in the USA blaming inadequate monitoring of sensitive data

As news of a major data breach involving the computer system of a major US Department of Defense contractor unfolds - with 24,000 `sensitive' Pentagon files being lost in the process - data governance specialist Varonis says the data loss is a classic example of what can happen when  large volumes of sensitive data are not adequately identified and protected.

"Although the exact details of the data loss are still being revealed, it is likely the Pentagon is in the process of trying to identify how much of the data that was stolen was sensitive and where it was stolen from. Much of the stolen data was also likely unstructured or semi-structured, residing on file share accessible throughout the organization," according to David Gibson, Director of Strategic Accounts and Technical Marketing at Varonis.

"With 26,000 employees, the Pentagon generates a vast amount of digital data every single day, attempting to manage and protect all of this data without some type of automation that provides visibility into what data is sensitive, where it resides and the access permissions settings leaves it vulnerable," he said.

Unstructured data, Gibson went on to say, is typically comprised of documents, emails, spread sheets, images, videos, etc. – much of this data is stored on File shares. The problem with unstructured data - which typically accounts for 80 per cent of data in a large enterprise – is that it been a challenge for IT to manage and protect with native OS auditing features, he explained.

While you can say that a specific employee accessed a given database record at 13:37 last Tuesday afternoon quickly with many applications, the same level of auditing is virtually impossible be applied to unstructured or semi-structured data without some form of software automation because of poor native auditing functionality and the sheer volume of the data files involved.

And this is the kind of data, when not identified and managed, says Varonis' director of strategic accounts and technical marketing, that can enable someone to grab 24,000 sensitive Pentagon files by simply downloading large chunks of data from a file share.

It is, says Gibson, interesting to note that the data went missing while under the stewardship of a contractor, which suggests that the data was possibly stored in a secure private cloud-like repository somewhere in the US.

"Private clouds are extremely popular in major enterprises on both sides of public/private sector divide, as they allow access to similar economies of scale that you get with - for example, Amazon's public cloud service - but you are able to impose your own levels of security on the data repositories, since you are effectively contracting the data storage out to your own rented datacentre," he said.

"No-one is saying what the data was exactly, or who was responsible for the successful data incursion. One thing is for sure, however, and that is that the new cyber security rules that the US DoD has drawn up will only stop this sort of thing happening again provided they are implemented with technology that shows organizations what data is sensitive, where it resides, who has access to it and who is using their access," he added.

"It will be interesting to see what levels of authentication, authorization, and auditing these new rules impose on the US government's data centres and contractors. Anyone that handles large volumes of data will be watching the news reports with great interest."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo