Post on 25-Dec-2015


Data Security: In a Post Snowden World

Dvana Limited, Dr Katherine Bean

Introduction

dvAna

Dr Katherine Bean

www.dvana.com | dvAna | SQL Bits 12

Three Key Parts

• Introduction
• Current situation
• Practical solution
• Summary

Considerations

1. Transmission method
2. Ease of access
3. Storage type
4. Scope of availability

Opening Our Eyes

The one thing that the Edward Snowden revelations did was to show us that our worst fears were a reality!

Current Situation

Where We Are Now

Safe & Sound

Hope

Fear

Reality

Reality

Reality

Passwords

• Easy to crack
• Required for everything
• Difficult to make strong
• Hard to remember
• Assume a trusted environment
• Last millennium’s technology

Email

• Widely deployed
• Essential for business
• Direct access to employees
• Vector for malware
• User acceptance of everything
• Hard to control

Physical Access

• Who should be allowed access
• Where should the access be from
• How should the access be permitted
• When are they permitted access
• Why do they need access

Remote Access

• Location access is permitted from
• Who has access
• Why do they need this access

Bring Your Own Device

• Weather app in German spy case
• Data use on premises
• Ownership
  • Device
  • Data
• Control of device on & off premises
• Responsibility
  • Device
  • Data

Administrative Access

• Widely available
• All encompassing
• Why is this true!

Fun & Games

Users

• Greatest vulnerability
• Not security motivated
• Indifferent to security needs

Hackers

• Looking to make money
• Actively looking for weaknesses
• Targeting at random
• Everyone looks interesting

Government / Spy Agencies

• Motivation variable
• Actively looking for weaknesses
• Targeting everyone
• Everyone looks interesting

Solution

How to Move Forward


Overview

• Applicable to
  • Digital data
  • Physical data
  • Large businesses
  • Small businesses
• Provides a complete framework
• Scalable in scope

Fun & Games

Breached

Your security will be breached

Accept it and move on


DUMP

• Delete
• Uninstall
• Map activities
• Permanently archive

Delete

• Duplicates
• Copies of copies
• Files you just might need
• Files you never needed
• Temporary files
• All the digital dross you can find

Uninstall

• Toolbars without exception
• Web browsers
• Auto-install junkware
• Legacy versions of frameworks
• Google Desktop
• iTunes and all phone programs
• Everything that is not part of the job

Map Activities

• Find minimum data set
• Determine user activities
• Required resources
• Identify personnel
• Document everything in detail

Permanently Archive

• Devise archiving strategy
• Find archive candidates
• Archive the data for:
  • Online access
  • Permanent offline storage
• Archives are read-only to everyone

STOP

• Secure
• Transfer
• Organize
• Processes & procedures

Secure

• Restrict data access:
  • With account restrictions
  • Compartmentalization
  • Minimum touch updating
• Restrict system access:
  • Physical security
  • Smart card style tokens
  • Access supervision

Transfer

• Activities:
  • To appropriate locations
  • Eliminate duplication
  • Simplify
• Control to appropriate personnel
• Physical media to secure locations

Organize

• Allocate roles
• Determine responsibilities
• Adhere to processes & procedures
• Deploy resources
• Solicit feedback
• Be rigorous

Processes & Procedures

• Rigorous
• Robust
• Universally adopted
• Comprehensive
• Fit for purpose
• Not unnecessarily burdensome

BAR

• Backup
• Action book
• Recovery plan

Backup

• Online and offline
• Disaster recovery
• Business continuity
• Frequent and up to date
• Comprehensive
• On and off site

Action Book

• Choose scenarios
• Determine action
• Choose the trigger
• Who can make the call
• How long do you have
• Consequences:
  • To make the action
  • To fail to make the action

Recovery Plan

• Kept up-to-date
• Always available
• Tested regularly
• Everyone knows their role
• Comprehensive
• Business lifeline

Summary

Call to Action


Present

• Cybercrime is big business
• Data is accessed all over the place
• Current methods are:
  • Antiquated
  • Ineffective
  • Providing a false sense of security

Future

• Prepare for inevitable data breach
• Always have a Plan-B
• Compartmentalise
• Restrict access

Next Week

Discuss Security In Detail With Your Senior Management

Questions

Dr Katherine Bean, www.dvana.com