In this era of instant access to news and information as it happens, or in some cases before it happens, how can we not know where something is? Between traditional media, social media and public online web sites, along with big-data-powered government (or private) surveillance using radar, cell phone or other radio-based tracking, not to mention satellite tracking, how can we not know where things are?
Do you know where your data and information are or have been?
Do you have positive control over where your data and information have been?
Are your data and information exposed to dark territories?
With the recent disappearance of Malaysian Airlines flight 370 (MH 370), a Boeing 777 flying from Kuala Lumpur to Beijing, China, how can we not know where it is? After all, we all have public access to sites such as FlightAware and FlightRadar among many others, not to mention sites that we in the public may not have access to. The same goes for cell phones and other forms of electronics. Surely in the 7×24 non-stop, always-connected world we should have insight and situational awareness as to where things are at all times, right?
Wrong!
As MH 370 is showing, we still have what are referred to as “dark territories”, a term that dates back decades if not centuries, including with railroads. A “dark territory” is an area where there is no direct or positive control and tracking, such as when a train used to be out in the middle of nowhere. For trains, that has for the most part, if not completely, been addressed with GPS, cell phones and other RF (Radio Frequency) based technologies. What about airplanes? Why can't we see where they are all the time?
We assume that radar can always see where planes, trains and other things are, yet there are gaps in coverage, or dark territories. For example, with FlightAware or FlightRadar among other tools, when a flight is over land with good coverage there is good positive control and tracking, unless the plane is blocking its transponder signal or the flight is being blocked by the site for security reasons.
On the other hand, once the plane goes into dark territory, such as out over the ocean where radar and other tracking sites are few and radio signals are weaker, you have questionable tracking data. Keep in mind that not all vehicles or planes yet have the same tracking capabilities that your cell phone has in your living room. In other words, garbage data or information in, garbage results and insight or awareness out.
What does this have to do with information security?
In the transportation industry, terms such as “dark territory” have historically been used by railroads (among others) to indicate areas with minimum to no management or positive control coverage. Other transportation related terms include “blind spots” or “flying blind” to indicate lack of situational awareness that can result in loss of management control.
Possible areas of data, information and storage “dark territory” or gaps in coverage:
– Public or private clouds that lack visibility into how and who is accessing resources
– Shipping containers containing storage systems or media (SSD, disk, tape or CD)
– Lack of leak detection on public and private networking links
– Physical and logical tracking of where data or storage mediums are during transit
– Who has access to eDiscovery, search or data classification tools and audit logs
– What physical access and audit logs or trails exist, and how they are preserved
– Inventory tools including RFID for tracking fixed and removable assets
– Physical and logical security, including encryption, for data in flight and at rest
Figure 1: Eliminating “dark territory”, “dark clouds” and blind spots
In the top left of figure 1, various technologies and techniques are shown that are used at the source and destination for managing digital assets and media. Also shown are issues and lack of real-time management insight while assets are being moved in blind spots.
When it comes to moving data electronically via a network transfer or via shipping physical media, you may know when and where it left as well as its estimated time of arrival (ETA), but do you know where the data was during transit or while in flight? Do you know who may have had access to it or been able to view its content, particularly if it was not encrypted? Can you provide auditable trails or activity logs of where the data moved or deviated from planned routes or paths?
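One way to turn those questions into a check against a custody or activity log, as an added example that is not part of the original post: the sketch below flags tracking gaps (dark territory), off-route stops, skipped checkpoints and seal-state changes. The route, the events, the field layout and the four-hour gap threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: a planned route and the custody events actually logged
# for one shipment of storage media (timestamp, location, tamper-seal state).
PLANNED_ROUTE = ["datacenter-a", "courier-hub", "airport-x", "courier-hub-2", "datacenter-b"]
EVENTS = [
    ("2014-03-10T08:00", "datacenter-a", "sealed"),
    ("2014-03-10T09:30", "courier-hub", "sealed"),
    ("2014-03-10T19:45", "warehouse-z", "sealed"),
    ("2014-03-11T02:00", "courier-hub-2", "seal-broken"),
    ("2014-03-11T04:00", "datacenter-b", "seal-broken"),
]

def audit_transit(events, planned_route, max_gap=timedelta(hours=4)):
    """Return findings for one transit log, in the order they are detected."""
    findings = []
    planned = set(planned_route)
    seen = set()
    prev_time = prev_loc = prev_seal = None
    # ISO 8601 strings in one format sort chronologically.
    for stamp, loc, seal in sorted(events):
        when = datetime.fromisoformat(stamp)
        # Dark territory: no positive tracking for longer than the allowed interval.
        if prev_time is not None and when - prev_time > max_gap:
            findings.append(("dark_territory", prev_loc, loc, when - prev_time))
        # Deviation from the planned route or path.
        if loc in planned:
            seen.add(loc)
        else:
            findings.append(("off_route", loc, stamp))
        # Seal state changed somewhere between two checkpoints.
        if prev_seal is not None and seal != prev_seal:
            findings.append(("seal_changed", prev_loc, loc, stamp))
        prev_time, prev_loc, prev_seal = when, loc, seal
    # Planned checkpoints that never reported in.
    for checkpoint in planned_route:
        if checkpoint not in seen:
            findings.append(("missed_checkpoint", checkpoint))
    return findings

if __name__ == "__main__":
    for finding in audit_transit(EVENTS, PLANNED_ROUTE):
        print(finding)
```

In the sample, the seal change is reported on the leg that follows both an off-route stop and a gap of more than six hours, which is where an investigation would start.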
General action items include:
– Gain situational awareness to eliminate dark territory or blind spots for security
– Establish multiple layers of defense leveraging physical and logical technologies
– Leverage different technologies and tools in different places to counter various threats
– Many issues are common across physical, virtual and cloud environments
– Establish a security model that enables while protecting
So ask yourself this question: do you know, or can you find out, where your data and information have been while in transit, both physically and via electronic transmissions?
Ok, nuff said (for now)
About the author
Greg Schulz is Founder and Sr. Analyst of independent IT advisory and consultancy firm Server and StorageIO (StorageIO). He has worked in IT at an electrical utility, financial services and transportation firms in roles ranging from business applications development to systems management and architecture planning. Mr. Schulz is author of the Intel Recommended Reading List books “Cloud and Virtual Data Storage Networking” and “The Green and Virtual Data Center” via CRC Press and “Resilient Storage Networks” (Elsevier), and a four-time VMware vExpert. Learn more at www.storageio.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.