Wednesday, December 12, 2007

Simple modeling of data movement in Security 2.0



To employ Security 2.0 thinking, let's conceptualize how data moves in our IT infrastructure. To do this we need to know how data enters the enterprise, how it moves inside the enterprise, how it rests in the enterprise (stored) and how it leaves the enterprise. We will keep our model at a high level for now and add more finesse later as the problem and solution start to diverge.

We will eventually talk about what data is sensitive but for now we are going to assume that all moving data contains some kind of sensitive information.

Now might be a good time to realize that data can exist in two fundamental forms as it is used in our infrastructure: structured and unstructured. Here are my definitions of these data forms; we can refine them more later:

Structured data

Structured data is data that is processed and saved using a predefined schema. Databases and data warehouses contain structured data. Access to structured data is usually by a predefined schema. Getting into a database requires a password and access via a query language. Typically, structured data is presented to users via an application that is logged on and connected to the database and knows the schema. Structured data is stored in a schema that is defined by the programmer of the application. For example, SSNs for an application are stored in a specific column in a database, and that is all that is ever stored in that column.

Unstructured data

Unstructured data is the data that is typically stored on our file servers, desktops and laptops. It is considered unstructured since it does not follow a known schema. Sure, Word files are stored in a specific file structure, but that’s not what we mean when we say structured. The structure we are talking about here refers to a defined and fixed relationship between the location of a piece of data and its type. Word files can store any kind of data anywhere in the file, whereas databases store specific data in specific places. Arguably Excel files might be viewed as structured data in an unstructured form, but we will ignore that nuance for the moment.
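To make the distinction concrete, here is an added example (not part of the original post) that finds SSNs in both forms: in structured data the schema says which column to read, while in unstructured text the content itself has to be scanned and each candidate validated. The table, column names and sample values are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data; table layout, names and numbers are assumptions.
ROWS = [(1, "Ann Example", "123-45-6789"), (2, "Bob Example", "234-56-7890")]
DOCUMENT = (
    "Meeting notes, 12 Dec. Ann's SSN is 123-45-6789 per the HR form.\n"
    "Ticket 000-12-3456 was closed. Part no. 555-12-3456 shipped.\n"
    "Bob (234 56 7890) still needs a badge.\n"
)

def ssns_from_structured(rows):
    """Structured: the schema fixes where SSNs live, so one query finds them."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (id INTEGER, name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)", rows)
    found = [r[0] for r in db.execute("SELECT ssn FROM employee ORDER BY id")]
    db.close()
    return found

# Three, two and four digits separated by '-' or ' ', not embedded in a longer number.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Reject number ranges that are never issued as SSNs."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def ssns_from_unstructured(text):
    """Unstructured: no schema, so scan every line and validate each candidate."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            if plausible_ssn(*m.groups()):
                hits.append((lineno, "-".join(m.groups())))
    return hits

if __name__ == "__main__":
    print("structured:  ", ssns_from_structured(ROWS))
    # The part number on line 2 is flagged too: a pattern match cannot tell
    # an SSN from a look-alike, which a column lookup never has to do.
    print("unstructured:", ssns_from_unstructured(DOCUMENT))
```

The scan reports the part number on line 2 as a hit, which is the practical cost of having no fixed relationship between a value's location and its type.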

Now let’s get back to data movement

Ports of entry:

Even if sensitive data enters the enterprise without our knowledge it is our responsibility to protect it. As data enters the enterprise it would be ideal to identify, classify and mark it in a way that allows it to be tracked throughout its life. Although marking data seems theoretically possible, I’m not at this point convinced that this is practical. Even if we found a way to standardize on how to mark data the “bad guys” would find a way to bring it into the clear. Of course encrypting sensitive data is the best way to secure it when it moves but we create a problem of key management. I think that standardizing ways of packaging sensitive information is in the cards but for now we need to deal with the fact that there is unprotected data entering the enterprise and there are no standard ways of identifying it as it travels.

Here is a list of ways data enters our enterprise:

  • Email
  • Instant messaging
  • Web social activity like blogs & wikis
  • Web services applications connected to databases
  • E-commerce in B2B applications
  • Physical media like CD/DVD/Tape
  • Flash and USB storage devices
  • Mobile phone memory cards
  • Laptops

Data in motion:

Structured and unstructured data move in different ways; for that reason, different methods of monitoring and protection are needed. More later! Data in motion is data that has been or is being moved or removed from its resting place.

Data moves inside our enterprise in two principal ways:

When data is at rest:

Data stops moving at various points in its life cycle. In general we call this storage. Storage can be local disk, shared disk, file shares, CDs, tapes, flash memory, USB drives and databases.

So the locations for data at rest are:

  • Databases
  • File servers
  • CDs/laptops/flash memory
  • USB drives

Ports of exit:

I have to think through this more, but to me the movement of data out of our organization is accomplished in chiefly the same way that data moves into it. Can anyone think of a movement in that is not also a potential movement out?

I won’t repeat the list in the “ports of entry” section which also applies to the ports of exit.

You immediately recognize the unusual risk of removable media. Removable storage can be in use, at rest and in motion using the same physical device/media. The reason that we use these devices, their mobility, is the same reason these devices are risks to personal information. For example, look at the impact a copy of personal data had on the British government. The most disturbing thing about removable media is that once sensitive data is written on it and it becomes mobile, it is impossible to track. Mmmmm, should we employ RFID on our CDs?

In summary, structured and unstructured data comes in and out of our enterprises on:

  • Instant messaging
  • Web social activity like blogs & wikis
  • Web services applications connected to databases
  • E-commerce in B2B applications
  • Physical media like CD/DVD/Tape
  • Flash and USB storage devices
  • Mobile phone memory cards
  • Laptops

It rests on:

  • Databases
  • File servers
  • CDs/laptops/flash memory
  • USB drives

And it moves through:

  • the internal network
  • Physical movement of computers and removable storage

The graphic at the start of this post illustrates our model!

Now that we have a model of the problem that Security 2.0 must solve we can start talking about the solution in an organized way.

Don on Data!
