Imperva sees file security as a key issue for 2011
SYDNEY, November 26. Imperva, the data security leader, predicts a sharp rise next year in the number of organisations that will suffer massive file-related breaches.
The company’s Chief Technology Officer, Amichai Shulman, says a growing number of breaches where compromised data is in the form of files rather than database records. Consequently, organisations will rush to seek effective tools for controlling access to repositories of unstructured data, mainly file servers.
“We estimate that the number of compromised files, and the number of organisations that suffer a massive file related security breach, will rise,” said Shulman.
He added that even PCI 2.0 has recognised the security aspect of storing data in different locations. In October 2010, the PCI Council released an updated version of their security standards, which included the clarification of controls to include all data containers likely to hold sensitive data that goes beyond databases.
While most business applications use structured storage (databases) to maintain and process sensitive and critical data, users are constantly creating and storing more and more unstructured content, based on the information taken from these systems. Recently, Gartner made a similar observation. Examples include: Excel spreadsheets (based on data extracted from order processing systems), presentations (based on financial results taken from the ERP system), and medical lab results sent as letters to patients. These are just a few examples of the process in which sensitive information is disseminated from the structured to the unstructured world.
The volume of data is also growing, and is estimated to increase by 60 per cent annually (IDC 11/09). Based on recent research, 80 per cent of all data in the organisation is stored in files. Increased sharing habits of data between users, as well as data retention policies that require organisations to store any work product for posterity, contribute to this growth.
With today’s available tools, controlling access and usage of these files can be an extremely daunting task. Since each file is an autonomous entity, with respect to content ownership and access control (contrary to a database record), maintaining control of who can access a file is anything but possible. This is also true with regards to keeping track of access to those files that contain sensitive information. Each file is autonomous, with respect to its contents (unlike database records), and users are autonomous, with respect to contents of files they create (unlike database records that are created by pre-programmed applications). The inability to maintain control may result in excessive access privileges and an inadequate audit trail of access to sensitive information.
The variety of repositories that keep unstructured data is also growing. While traditional file servers still prevail, internal document management systems, such as SharePoint or Documentum, are increasing as well. At the same time, cloud-based offerings, such as GoogleDocs and Jive, are also becoming part of the enterprise IT.
Individuals often abuse this fragile situation by obtaining unauthorised access to large amounts of files, resulting in compromised contents. Incidents in 2010 suggest that massive leakage and compromise of sensitive information is indeed becoming a clear and present danger. The most notorious being the disclosure of 400,000 sensitive US military documents related to the war in Iraq by Wikileaks (which followed a previous disclosure of 70,000 similar documents regarding the war in Afghanistan). While not confirmed by Wikileaks, these were deliberately handed to the site administrators by a (very) small group of individuals.
In another incident, a former Goldman Sachs employee stole source code used for a proprietary high-frequency trading program. Court documents revealed that the software generated millions of dollars in profit each year. To steal the code, the former employee used his desktop to upload the code to a server based in Germany. The bank was able to identify his activity after observing large amounts of data leaving their servers, which led to his arrest.
Although unstructured data breaches are mostly an internal threat, a recent attack on law firm ACS:Law demonstrates the potential for external threats as well. In this case, hackers obtained an unencrypted (archive) file stored on one of the firm’s servers leading to the leakage of personal information from 500,000 files.
These examples, which include the DuPont case where documents were transferred to a Chinese competitor by a former employee, all follow earlier incidents related (mainly) to Cyber Espionage.
Organisations aiming to reduce the risk of file exposure should begin the process of budgeting and planning for the next generation of file access monitoring and governance tools. Key characteristics to look for include:
• Policies set and expressed by content of file, rather than metadata.
• Flexible deployment, without impacting data stores or network architecture.
• Adaptive deployment with focus on the most accessed files, without compromising the ability to track sensitive information in older files.
• Ability to identify file owners and excessive rights to files.
Imperva is the global leader in data security. With more than 1,200
direct customers and 25,000 cloud customers, Imperva’s customers include
leading enterprises, government organisations, and managed service providers
who rely on Imperva to prevent sensitive data theft from hackers and insiders.
The award-winning Imperva SecureSphere is the only solution that delivers full
activity monitoring for databases, applications and file systems. For
more information, visit www.imperva.com, follow us on Twitter or visit our blog.
Phone: +65.6749 4482
Mobile: +65.9666 1886
PR Deadlines Pty Ltd, for Imperva
Phone: +61.2.4341 5021
Mobile: +61 (0) 408 408 210