Barbarians Inside the Gates

In our many discussions around Trust we’ve tended to focus on what organizations have been typically most concerned about – the barbarians at the gate, a.k.a. external threats. Sophisticated government-sponsored hacker teams, regional disasters, and critical device failures are the bread and butter of our daily work lives, and they’re what we tend to focus on when we’re trying to get management to fund the next big project. But what about the arguably larger source of Trust threats – insiders and trusted agents? Social dynamics make us want to trust our fellow workers, and in many instances even mentioning the potential for insider threats can get you branded as not being a team player. Yet how many Trust (security/availability/recoverability) incidents can you recall in your career that can be directly attributed to actions by so-called ‘trusted’ agents? A manager deleting the wrong file, a service provider employee flipping the wrong switch and shutting down power to a whole data center, a customer service rep emailing an unprotected spreadsheet containing PII to someone outside the organization – everyone has one or more experiences dealing with events like these somewhere in their career, and most likely many such stories. So how can we handle these types of incidents without having to position ourselves as conspiracy nuts? That’s one of the major benefits of EMC’s Trust Redefined approach – it allows organizations to easily respond to Trust incidents regardless of the source and scope, leveraging the same solutions and tools that you would use to handle external threats, without any significant additional investment.

From an availability perspective, traditional active/passive DR solutions were costly to implement and activate; as a result, management and IT were reluctant to invoke the DR plan for anything short of a major disaster. If a lower-level availability incident occurred, the IT team would usually have to manually clean up the mess by restoring data and rebuilding servers. By implementing continuous availability into the underlying infrastructure utilizing tools such as VPLEX and VMware VMotion, organizations can easily (and automatically) recover from any scale of outage, from a single server being brought down due to a bad configuration change to an entire data center being destroyed, with minimal intervention by IT.

For recoverability, organizations have typically relied on multiple disparate ‘heavy’ backup processes and tools, with limited coverage and difficult-to-manage restore capabilities. Restoring lost or destroyed files or servers could take hours or even days, resulting in huge impacts to the business. As with availability, tools such as EMC Networker and EMC Avamar allow centralized backup to be integrated across the underlying infrastructure, with rapid-response self-help restores being performed in minutes and with minimal IT intervention.

Security is arguably the most critical Trust aspect when considering insider threats, as organizations must consider not only malicious insiders but the much more common ‘accidental’ threat as well. That’s where EMC/RSA’s intelligence-driven approach to security can help, and tools like RSA Security Analytics (SA) and Data Loss Prevention (DLP) come into play. RSA SA is designed to monitor and analyze across the entire infrastructure, not just at the perimeter, so that suspicious activity happening inside your environment, regardless of the source, can be quickly identified and handled. RSA DLP can be used to monitor what data is moving out of your environment via email, FTP, the web or cloud, and can be configured to automatically notify users that they’re doing something that violates policy and give them a chance to prevent that ‘oops’ moment from even happening.

The insider threat to Trust is here to stay, and as environments move into the 3rd platform the problems are only going to get more complex. Traditional approaches to security, availability and recoverability were not well positioned to respond to these threats, which typically had to be handled with unique (and often expensive) processes and technologies. EMC’s Trusted IT Redefined approach moves controls for all three of these areas deeper into and more broadly across the infrastructure, providing support for handling insider events without the need to invest in a whole range of unique processes and technologies.
