machine fingerprints, geographical interrogation, second factor authentication and right through to
detailed behavioral analysis.

Adding rigor to User Access Interrogation extends beyond the front door. Real-time user behavior
analysis combined with automated threat response is key to defeating determined attackers. Using
machine learning to understand how users work on a daily basis is crucial.

For an attacker to succeed, they must then become the user, a difficult task without obvious means
to extract significant volumes of confidential data.


Securing Data Before It Reaches the Cloud

Securing data means different things to different people. In the realm of cloud-deployed
applications, it means protecting the confidential data used within the application. It is increasingly
rare to hear about attacks on physical databases. It is not rare, however, to hear about attacks on
applications exposing data stored in databases.

Securing your data at rest requires much more than database encryption. Database encryption is
wonderful for securing the physical database. Unfortunately, database encryption (by design) does
not secure data when it is passed to the application for user consumption.

The security issue comes via the way that applications interact with databases. Applications are
trusted users.

Databases give up the data to applications without the mandate to understand how this data is
being consumed or indeed exposed.

Encrypting data before it reaches the application resolves this security weakness in system
architecture. Having the data pass back through a separate encryption gateway that decrypts the
data and makes it human readable is effective at securing the data against application attacks that
bypass security gateways.
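
The arrangement described above, as an added example that is not from the original article: a field is encrypted before the application's database stores it, so a dump taken through the application yields only ciphertext, and only the gateway can restore it. All names (`gateway_encrypt`, `gateway_decrypt`, `build_app_db`, `app_dump`) and the sample record are constructed, and the HMAC-SHA256 counter-mode keystream with encrypt-then-MAC is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, os, sqlite3

# Assumption: the key exists only inside the gateway, never in the application.
GATEWAY_KEY = os.urandom(32)  # constructed demo key
ENC_KEY = hmac.new(GATEWAY_KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(GATEWAY_KEY, b"mac", hashlib.sha256).digest()

def _keystream(nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for a vetted AEAD (e.g. AES-GCM).
    blocks = (length + 31) // 32
    return b"".join(hmac.new(ENC_KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def gateway_encrypt(plaintext: str) -> bytes:
    """Inbound path: encrypt a field before the application or database sees it."""
    data, nonce = plaintext.encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def gateway_decrypt(blob: bytes) -> str:
    """Outbound path: authenticate the blob, then decrypt it for the end user."""
    if len(blob) < 48:
        raise ValueError("blob too short to hold nonce and tag")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified or is not from this gateway")
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def build_app_db(records):
    """The application's database: it only ever stores what the gateway hands it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, card BLOB)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)",
                     [(name, gateway_encrypt(card)) for name, card in records])
    return conn

def app_dump(conn):
    """Everything the application, as the database's trusted user, can read out."""
    return conn.execute("SELECT name, card FROM customers").fetchall()

if __name__ == "__main__":
    db = build_app_db([("alice", "4111-1111-1111-1111")])  # constructed sample record
    name, blob = app_dump(db)[0]
    print(name, blob.hex())        # application-side view: ciphertext only
    print(gateway_decrypt(blob))   # gateway-side view returned to the user
```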

It would be neglectful not to mention that data needs to be protected whilst in transit. This in-transit
protection can come in the form of Transport Layer Security (TLS). TLS encrypts the data in transit
between users and the end cloud applications (SaaS and Web included).

This is network-level encryption and provides no security once the data reaches the end application.



Automated Threat Response

There is questionable benefit in having the ability to detect attacks whilst lacking the tools to thwart
them. Threat response is one of the toughest pieces of information security. There has to be a
careful balance in all responses to ensure that legitimate users are not treated with an iron fist whilst
going about their job.



38 Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide