Page 13 - CDM Cyber Warnings February 2014
sort of attack turns a single exploit incident into a persistent attack which can compromise data processed on the server in the future.

Bad actors can poison the IT supply chain with malicious, backdoored hardware devices through trickery like selling network cards at a steep discount, or even bribing insiders to install malicious devices.

Visibility & Lawful Intercepts

While enterprises typically protect information against unlawful access attempts, they also need to consider lawful intercepts. Governments around the world have a variety of legal means to compel enterprises and service providers to hand over sensitive information. Legal justifications for lawful interception vary by country and include the Foreign Intelligence Surveillance Act (FISA) in the US and the Regulation of Investigatory Powers Act in the UK.

Law-abiding enterprises, including law firms and other service providers, are compelled to respond to legitimate and lawful requests for sensitive information. However, maintaining complete visibility and awareness of such requests is critical for organizations in order to protect their brand reputation and formulate a response when such events occur.

While a company would be aware of a lawful request if their information is held on premise, a service provider can be compelled to divulge information without notifying the data's owner. Even if information is encrypted while at rest in the cloud, the encryption keys to unlock that data are typically accessible in memory. Governments can compel service providers to provide a copy of server memory and subsequently parse it to access the encryption keys necessary to unlock encrypted data unbeknownst to the enterprise data owner.

Conclusion

The concept that encrypted data on servers in the cloud, a hosted environment or an enterprise datacenter cannot be accessed, stolen or copied no longer holds true. Physical attacks can undermine data at rest and SSL encryption, as well as other data protection mechanisms, through a variety of techniques. Fortunately, advances in microprocessor and virtualization technologies are making it possible to protect data in use regardless of the circumstances.

About the Author:

Oded Horovitz is CEO of PrivateCore (www.privatecore.com) and an expert in virtualization, cloud computing and information security.
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 13