Data at Rest: Dormant But Dangerous

Friday, February 10, 2012

Simon Heron

A88973e7d0943d295c99820ab9aeed27

Generally, data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting data security measures in place, it is important to consider data in all three of these states and address the particular risks associated with each.

This article examines data at rest and proposes strategies to minimize the dangers inherent to data in this state.

The Information Commissioner’s Office (ICO) has been given the ability to fine organisations up to £500,000 if it deems that they are not taking data security seriously. Consequently, IT managers must ensure that they don’t overlook the potential risks associated with data at rest.

The first precaution is to simply not collect data that is not required. This seems obvious but it is surprising how much data is stored needlessly increasing the risk profile for a company.

Another is to actually locate data. It is common place for companies to discover data that had been totally forgotten about when they carry out data discovery. By ‘shredding’ data that is not required, the task is simplified from an infrastructure point of view, as well as security and compliance.

Data classification is a good step in understanding data, but it can be a difficult task to determine what is confidential and what is not. Frequently, what appears harmless can give a hacker or social engineer an advantage.

The basic defense here is full disk encryption (FDE) and embedding the process in the company procedures. FDE will go a long way to protect against data going missing. It is not a panacea; users will forget their password, will use the same password everywhere, will choose a simple password or write down a complex one and stick it on their monitor.

However, as evidenced in many news stories this year, this simple precaution would have saved so many companies to date from data loss when laptops and digital media go missing.

There are a number of other strategies to make data at rest safer. A classic approach is to split the data across a number of servers (called secret sharing) so that a hacker would have to hack all the relevant servers before accessing the data. Another way of improving security is split-key cryptography.

In this situation, instead of reassembling the key to use it, part of the cryptographic calculation gets run on one computer with part of the key, then the document gets moved to a second computer where the second half of the calculation is carried out with the second part of the key.

The challenge with split-key cryptography is making it part of the work flow, so that administrators and users find it transparent.

A novel solution against both insider and outsider attacks is to inflate all data to many times its actual size, so a database that would have normally occupied 10 gigabytes of storage would then use 10 to 20 terabytes. Any thief would immediately run into problems of scale copying or downloading this data.

Even if attackers just try to access a small portion of the data, they will still have issues, as the real data is probably stored across a number of shares, effectively implementing secret sharing. This approach does mean that the owner has to have a large infrastructure, but for companies considering this strategy, the cost of hard drives is not going to be significant against the value of the data.

One strongly recommended precaution is to keep the encryption appliances separate from the database server. This again ensures that a hacker has to compromise two machines rather than just one. There is not much point in encrypting data if the key to decrypt it is easily at hand.

It is also important to consider the security of any backups taken and make sure that they are fully encrypted. Frequently, backups are kept off site and with a third party whose security may not match the company’s, so whilst off-site backup is very important, it provides another way to access that data.

However, with encrypted backup, the trustworthiness of the individuals at the remote site is a lesser concern than with unencrypted backups. Obviously, the desired position is that the third party shares the same security posture as its customer.

Finally, organisations should review the security at their data centres and take into account the full lifecycle of their hardware. Hard discs eventually leave data centres, can be stolen, lost, retired, repurposed or broken.

In all these cases, they will have data on them that may be sensitive. Company policies must be written and enforced to ensure that data cannot fall into the wrong hands in this way.

Cross-posted from Redscan

Possibly Related Articles:
12551
General
Information Security
Encryption data destruction Enterprise Security Storage Databases Security Strategies Backups Data Loss Prevention DLP Cryptography Data Protection Simon Heron
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.