
Safeguarding the Enterprise: a new approach

Sanjay Sahay

Introduction

Attacks on the enterprise are getting increasingly sophisticated. The solutions currently available do not seem adequate given the innovativeness, precision and persistence of these attacks, which come in many forms and dimensions. Organisations therefore want to raise the sophistication both of their employees and of the solutions they deploy.

Facts & Challenges

Research shows that 55% of breaches require months to years to contain (Verizon 2010 Data Breach Investigations Report), and 16% of breaches are discovered through active and deliberate action. Only 24% of APT malware is detected by an anti-virus solution (Mandiant 2010). Logs are at the heart of monitoring, and using logs for the right purpose and in the right direction pays off immensely. Mining logs throws up data that a professional can make sense of. The signs are there; we just need to get better at recognising them.

This is the challenge of safeguarding the enterprise. "We watch these attackers and we know them. Some are very fast moving…; if you lose track of them in your system, you can lose them for months if not forever." The damage cannot be gauged at a later date, and the real impact would remain unknown forever. This brings us to the primary question: why safeguard the enterprise? The enterprise has to be safeguarded for two main reasons: the first is physical security, since the enterprise cannot exist in a vacuum, and the second is the safeguarding of its data.

Structure

During the course of this article I will take you through my definition of a safeguarded enterprise; the new approach from the Gartner white paper; goals, security risks and key success factors; security architecture; data centre, connectivity and application; the application data security life cycle; security information and event management; single sign-on; the future, cloud computing; and final thoughts based on the discussion in this article.


What is a safeguarded enterprise

A Safeguarded Enterprise is the sum total of a clear-cut perception, appropriate and integrated planning, documentation, meticulous execution and dynamic, robust maintenance of enterprise security policy across the awareness, attitudinal, physical, systems, process, application and data dimensions throughout the enterprise, creating a near fail-safe enterprise.

Silo

Silos ruled the world until we realised what a silo is and how it feeds like a termite on a system that is integrated in name only. So it was with security in the Enterprise Business Architecture, whose three components were Business, Information and Technology (BIT). The new approach emanates from a 2006 Gartner white paper titled 'Incorporating Security into the Enterprise Architecture Process'. This led to the creation of the Enterprise Information Security Architecture with four critical components: Business, Information, Technology and Security (BITS). BIT changed to BITS, and security became a design component in itself.

[Figure: Enterprise Information Security Architecture, with Business, Information, Technology and Security architecture as its four quadrants.]


In the midst of the clamour for a fail-safe data regime, which would nonetheless be a mirage, the importance of physical security should not be diluted. My visits to Indian IT companies in Bangalore have helped me confirm my belief that physical security stands at par with data security, though the two are distinctly different thought processes, are different in execution, and would remain complementary for all time to come. 9/11 was a watershed in modern human history: the site of the attack, Ground Zero as it is called, was the rubble of some of the best companies in the world, housed in World Trade Center towers 1 and 2. Whatever may come, physical security will always count, whether on land, in the air or on water. This does not in any way diminish the importance of the disaster recovery processes of modern, state-of-the-art data centres, which were able to retrieve nearly all the data physically located on the servers and computer systems in the two ill-fated buildings.

Goals

The goal of Enterprise Information Security Architecture is to provide a structure that is coherent and cohesive. As the business motive is predominant in a business enterprise, business-to-security alignment is critical; any disconnect would threaten profitability and at times the existence of the enterprise itself. The details ought to be neatly spelt out, top down, synchronous in themselves and in synergy with the business strategy. At the end of the day, this approach helps establish a common language for information, for its free flow, for clarity of communication, and for a timely and effective response mechanism for information security within the integrated enterprise.

Risks

The common risks the enterprise faces today are all too well known. They can broadly be summarised as follows:

Email attachments

VPN tunnel vulnerabilities

Blended attacks

Diversionary tactics

Downloads from websites

Supply chain and partners added to the network

Microsoft's SOAP

Renaming documents

Peer-to-peer applications

Music and video browsers

Key Success Factors

Awareness of impending danger is the beginning of diagnosis, and only objective diagnosis can lead to objective treatment and the maintenance of a healthy enterprise, from the point of view of both physical and data security. Security awareness in all its dimensions creates an environment where all the success factors fall into place like a jigsaw puzzle: the people, the processes and the technology. On top of the human platform of security awareness sit the two main technical components, Network Security and Application Security. Operating system security, patch and AV management, and SIEM are the three components of the final layer, which can be termed the operating, functional and analytical layer.

Security Architecture

The key success factor is the synergy of People, Processes and Technology, creating a seamless security architecture which is optimally functional and has the capability to propel the enterprise to the next level. The people part comprises user awareness, guidance, administration and effective monitoring of the system. The processes part comprises policies, standards, guidelines and audit capabilities. The last and, in a technology-driven world, the most important component is technology itself, manifested in the use of IPS, firewalls, AV, DLP and SIEM.

Defense in Depth

"Defense in depth" is the concept of layering defensive strategies. The components at each layer work in tandem to provide one cohesive security mechanism, and the layered approach also helps localise the impact if one element of the mechanism is compromised. The layers of defense in depth are drawn as concentric circles, with data at the bullseye, the innermost circle, moving outwards. From the innermost circle to the outermost they are: data, application, host, internal network, perimeter, physical, and policies, procedures and awareness.


At the Core

The data centre, connectivity and the application are at the core of enterprise security. The main purpose of a data centre is to run the applications that handle the core business and operational data of the organisation. Secure application usage is the key to creating a secure enterprise.

Secure connectivity is the backbone. The Karnataka State Police broadband network is an intranet named KSPWAN: a combination of 39 2 Mbps MPLS leased lines for big offices, 1400 512 Kbps VPNoBB connections covering all police stations and small offices, and an 8 Mbps internet leased line, with an aggregate bandwidth of 32 Mbps, working as a single network of 5000 computers across the state served from a single server located at the KSP Data Centre. The choice of intranet over internet is the first decision towards securing the enterprise, and it is slowly becoming the norm in enterprises across the globe.

[Figure: KSP Connectivity]

Applications are at the heart of the enterprise. An ERP created for the enterprise aligns with all its tasks and activities and also takes care of all the staff functions that run coterminous with the business functions. A secure ERP on an intranet is what we are all heading for.

The Application Data Security Lifecycle (ADSL)

[Figure: The Application Data Security Lifecycle, a cycle of four stages: Assess, Set Policies/Controls, Monitor/Enforce and Measure.]


The diagram elucidates the role of the different components of the ADSL. The lifecycle, as is the case with any concept and process, starts with assessment: capturing the configuration and usage of servers and data, testing configuration, evaluating the inherent risks, and also assessing how and by whom the data and applications are used.

Setting policies and controls is the subsequent task. The policies should be created automatically, considering the right mix of business and security considerations, with the flexibility to adapt to user changes and to support granular policies and controls. Monitoring and enforcing is more important than creating the policies themselves. Separation of duties should be ensured simultaneously with user accountability. Transaction details should be recorded comprehensively, and alerts and blocks should be applied in real time. Measure is a tool, a utility, which reports the actual usage, the level of effectiveness and the depth of impact of the system put in place; it is conducted by way of built-in and custom reports, roll-up and drill-down data, security event analysis and the compliance workflow.
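As an added example, not part of the original article, the following Python sketches the Set Policies/Controls, Monitor/Enforce and Measure stages described above as one small policy engine: a role policy, a separation-of-duties rule that blocks the user who created a record from also approving it, a comprehensive audit entry for every transaction, and a roll-up report with drill-down into the blocked transactions. The roles, actions, record ids and sample transactions are constructed for illustration and do not come from any real ERP.

```python
"""Minimal application data-security policy engine (added example).

Models the Set Policies/Controls, Monitor/Enforce and Measure stages of the
ADSL. Roles, actions, the separation-of-duties rule and the sample
transactions below are all constructed, not taken from a real system.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Set Policies/Controls: which (object, action) pairs each role may perform.
POLICY = {
    "finance": {("invoice", "create"), ("invoice", "read"), ("invoice", "approve")},
    "auditor": {("invoice", "read")},
}

# Separation of duties: whoever performed `first` on a record must not
# perform `second` on the same record. Format: (object, first, second).
SOD_CONFLICTS = {("invoice", "create", "approve")}


@dataclass
class Engine:
    roles: dict                                   # user -> role (constructed)
    audit: list = field(default_factory=list)     # comprehensive transaction trail
    # (object, record_id) -> {(user, action)} already allowed on that record
    history: dict = field(default_factory=lambda: defaultdict(set))

    def enforce(self, user, obj, action, record_id):
        """Monitor/Enforce: decide 'allow' or 'block' in real time and log it."""
        role = self.roles.get(user)
        decision, reason = "allow", "permitted by role policy"
        if (obj, action) not in POLICY.get(role, set()):
            decision = "block"
            reason = f"action {action!r} on {obj!r} not permitted for role {role!r}"
        else:
            for o, first, second in SOD_CONFLICTS:
                if o == obj and action == second and (user, first) in self.history[(obj, record_id)]:
                    decision = "block"
                    reason = f"separation of duties: {user} already performed {first!r} on this record"
        if decision == "allow":
            self.history[(obj, record_id)].add((user, action))
        # User accountability: every decision is attributed to a named user.
        self.audit.append({"user": user, "role": role, "object": obj, "action": action,
                           "record": record_id, "decision": decision, "reason": reason})
        return decision

    def measure(self):
        """Measure: roll up decisions per user; drill down into blocked transactions."""
        rollup = defaultdict(Counter)
        for entry in self.audit:
            rollup[entry["user"]][entry["decision"]] += 1
        blocked = [e for e in self.audit if e["decision"] == "block"]
        return {u: dict(c) for u, c in rollup.items()}, blocked


def demo():
    """Run a constructed sequence of transactions and return the measure report."""
    eng = Engine(roles={"alice": "finance", "bob": "finance", "carol": "auditor"})
    eng.enforce("alice", "invoice", "create", 1001)   # allow
    eng.enforce("bob", "invoice", "approve", 1001)    # allow: different user approves
    eng.enforce("alice", "invoice", "create", 1002)   # allow
    eng.enforce("alice", "invoice", "approve", 1002)  # block: separation of duties
    eng.enforce("carol", "invoice", "approve", 1002)  # block: role has no approve right
    return eng.measure()


if __name__ == "__main__":
    rollup, blocked = demo()
    print(rollup)
    for b in blocked:
        print(b["user"], b["action"], b["record"], "->", b["reason"])
```

The role check runs before the separation-of-duties check, so a user without the right is blocked on policy grounds and never reaches the conflict rule; only an otherwise-authorised user can trip it, which is exactly the case the rule exists for.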

Security Information & Event Management (SIEM)

SIEM, an intelligence platform, helps safeguard the business by giving complete visibility into activities across the IT infrastructure. It provides functionality that could not emerge from the logs of any single activity; without such a system no correlation can be mapped or understood, let alone acted upon. Logs are the cornerstone of all activities, and making meaning of the logs according to our requirements is the real professional tool. The functions handled by this software are asset discovery, threat detection, vulnerability assessment, event collection, correlation, event management and log storage. SIEM capabilities comprise data aggregation, correlation, alerting, dashboards, compliance and retention.
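The point made in Facts & Challenges, that the signs are in the logs and we must get better at recognising them, and the correlation role of SIEM described here can be shown together with one added example, not code from the article. The Python below normalises constructed syslog-style lines from two different sources (an sshd log and a VPN gateway log) into common events, then applies a single correlation rule: several failed logins from one source address followed by a successful login within a time window. Read one line at a time, each failure looks harmless; only the aggregation across sources and time produces the alert. The log format, host names, addresses and rule thresholds are constructed for illustration and do not reflect any particular product.

```python
"""Log aggregation and correlation in the style of a SIEM rule (added example).

Sample lines, hostnames, addresses and the rule thresholds are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs, two sources in one "<ISO time> <host> <program>: <message>"
# stream. The srv2 line is deliberately out of time order, as merged feeds often are.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 srv1 sshd: Failed password for root from 203.0.113.7 port 51000
2024-03-01T09:00:04 srv1 sshd: Failed password for root from 203.0.113.7 port 51001
2024-03-01T09:00:09 srv1 sshd: Failed password for admin from 203.0.113.7 port 51002
2024-03-01T09:00:15 srv1 sshd: Accepted password for admin from 203.0.113.7 port 51003
2024-03-01T09:01:00 vpn1 vpngw: auth failure user=jdoe src=198.51.100.20
2024-03-01T09:30:00 vpn1 vpngw: auth success user=jdoe src=198.51.100.20
2024-03-01T09:02:11 srv2 sshd: Failed password for backup from 192.0.2.55 port 40000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\w+): (?P<msg>.*)$")
SSHD_RE = re.compile(r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
VPN_RE = re.compile(r"^auth (?P<outcome>failure|success) user=(?P<user>\S+) src=(?P<src>\S+)")


def parse(text):
    """Event collection: normalise heterogeneous lines into one event schema.

    Returns events sorted by time; lines that match no parser are skipped here
    (a production collector should count them rather than drop them silently).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog == "sshd" and (d := SSHD_RE.match(msg)):
            outcome = "fail" if d["outcome"] == "Failed" else "success"
        elif prog == "vpngw" and (d := VPN_RE.match(msg)):
            outcome = "fail" if d["outcome"] == "failure" else "success"
        else:
            continue
        events.append({"time": datetime.fromisoformat(m["ts"]), "host": m["host"],
                       "src": d["src"], "user": d["user"], "outcome": outcome})
    return sorted(events, key=lambda e: e["time"])


def correlate(events, threshold=3, window_seconds=300):
    """Correlation rule: >= threshold failures from one source address, then a
    success from the same address within window_seconds -> one alert."""
    window = timedelta(seconds=window_seconds)
    alerts = []
    recent_fails = defaultdict(list)  # src -> failure times still inside the window
    for e in events:
        fails = recent_fails[e["src"]]
        fails[:] = [t for t in fails if e["time"] - t <= window]  # expire old failures
        if e["outcome"] == "fail":
            fails.append(e["time"])
        elif len(fails) >= threshold:
            alerts.append({"src": e["src"], "user": e["user"], "host": e["host"],
                           "failures": len(fails), "time": e["time"].isoformat()})
            fails.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for a in correlate(parse(SAMPLE_LOGS)):
        print(f"ALERT {a['time']} {a['src']} -> {a['host']} as {a['user']} after {a['failures']} failures")
```

With the default five-minute window only the 203.0.113.7 burst alerts; the VPN failure at 09:01 is too far from the 09:30 success to count. Widening the window or lowering the threshold changes what fires, which is why such rules are tuned per environment rather than copied.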

Single Sign On

Single Sign-On (SSO) is a property of access control across multiple related but independent software systems: one authentication grants access to all of them. Conversely, Single Sign-Off is the property whereby the single action of signing out terminates access to multiple software systems. The benefits we derive from such a system are as follows:

More secure

Reduces password fatigue

Reduces time spent re-entering passwords

Reduces IT costs: helpdesk calls pertaining to passwords etc.

Security on all levels of entry, exit and access to systems

Centralised reporting for compliance adherence
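The exchange behind both properties, as an added example that is not code from the article or from any SSO product: an identity provider authenticates the user once and mints an HMAC-signed, audience-bound token for each service; each service checks the signature, audience and expiry, then asks the identity provider whether the session is still live. Single sign-off is therefore one call that revokes the session id, after which every service rejects every token issued for it. The shared key, user store and service names are constructed; a real deployment would use SAML or OpenID Connect, a password hash store and a shared revocation store rather than an in-process dictionary.

```python
"""Token-based single sign-on with single sign-off (added example).

The shared key, the user store, the service names and the token layout are
constructed for illustration; they are not a real SSO protocol.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time


class IdentityProvider:
    def __init__(self, key: bytes, users: dict):
        self.key, self.users = key, users
        self.sessions = {}  # session id -> {"user": ..., "expires": ...}

    def login(self, user, password, ttl=3600):
        """Authenticate once; return a session id, or None on failure."""
        # Constructed plaintext check; real systems compare salted password hashes.
        if self.users.get(user) != password:
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "expires": time.time() + ttl}
        return sid

    def token_for(self, sid, audience):
        """Mint a signed token bound to one service (the audience) for a live session."""
        s = self.sessions[sid]
        payload = json.dumps({"sub": s["user"], "sid": sid, "aud": audience,
                              "exp": s["expires"]}).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(payload).decode() + "."
                + base64.urlsafe_b64encode(sig).decode())

    def is_live(self, sid):
        s = self.sessions.get(sid)
        return s is not None and s["expires"] > time.time()

    def logout(self, sid):
        """Single sign-off: one revocation invalidates tokens at every service."""
        self.sessions.pop(sid, None)


class Service:
    def __init__(self, name, key, idp):
        self.name, self.key, self.idp = name, key, idp

    def access(self, token):
        """Return the authenticated user, or None if the token is not acceptable."""
        try:
            p64, s64 = token.split(".")
            payload = base64.urlsafe_b64decode(p64)
            sig = base64.urlsafe_b64decode(s64)
        except (ValueError, binascii.Error):
            return None
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):   # constant-time signature check
            return None
        claims = json.loads(payload)
        if claims["aud"] != self.name or claims["exp"] <= time.time():
            return None                                # wrong service or expired
        if not self.idp.is_live(claims["sid"]):        # sign-off check
            return None
        return claims["sub"]


if __name__ == "__main__":
    key = b"constructed-shared-key"
    idp = IdentityProvider(key, {"alice": "correct horse"})
    mail, hr = Service("mail", key, idp), Service("hr", key, idp)
    sid = idp.login("alice", "correct horse")
    t_mail, t_hr = idp.token_for(sid, "mail"), idp.token_for(sid, "hr")
    print("before sign-off:", mail.access(t_mail), hr.access(t_hr))
    idp.logout(sid)
    print("after sign-off: ", mail.access(t_mail), hr.access(t_hr))
```

The liveness call is what makes sign-off effective: a service that trusts the signature and expiry alone would keep honouring a token until it expired, which is the common gap between "single sign-on" and genuine "single sign-off".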

Cloud – The Final Frontier

Cloud computing has turned out to be the final frontier as of today, with advantages to so many, but procedurally and technically it still does not seem fully secure. Enterprises may still take some time to switch over to a complete cloud environment. There are a large number of security issues and concerns associated with cloud computing, which can be grouped into two: the security issues faced by cloud providers and the security issues faced by their customers. The provider must ensure that its infrastructure is secure and that clients' data and applications are protected. The customer must ensure that the provider has taken proper security measures to protect its information.

Cloud - Virtualization

The extensive use of virtualisation in implementing cloud infrastructure brings unique security concerns for customers of a public cloud service. Virtualisation alters the relationship between the OS and the underlying hardware, be it computing, storage or even networking. The use of this technology introduces an additional layer, virtualisation, that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualisation software itself. While the concerns are largely theoretical, they do exist.

Challenges

What we are witnessing today are advanced cyber threats, and collaboration is the key to dealing with them. No single organisation can respond adequately given the nature of the challenge posed to enterprises today. There is a need to create an Advanced Cyber Security Center (ACSC) for cross-sector collaboration, organised to help protect the country's enterprises from rapidly evolving advanced and persistent cyber threats.

An ACSC would strengthen short-term defences and long-term capability. Actionable intelligence to bolster an organisation's defences in the short term, and new defensive strategies and R&D in the longer term, would be the logical guiding principle.


The near-term results would be the application of front-line analytics, the medium-term results the development and application of new predictive analytics, and the long-term results true research and development, which would throw up innovative security solutions for the enterprise. Though it would take time, it would be worthwhile to leverage sustainable and continuous research, improving enterprise security by leaps and bounds.

The other challenges include cloud computing with virtualisation, which I have already discussed in detail. With mobility becoming the order of the day, this would remain an area of exclusive concern: most gadgets would be internet-enabled, where compromising security is easier than in a closed environment.

Country standards are a must; international benchmarking alone, which is generally not enforced, cannot be relied upon completely. The protocols so created, which would have the sanctity of law, would be universally enforced, bringing into existence a business enterprise regime in this country thriving on its protocols and their enforcement, with the enterprise relying on the BITS architecture wherein security is a design element from the concept stage itself. Secure software with all security features built in has been emphasised throughout this article.

Conclusion

Complexity is our life and making it simple our goal. Technology gains the most from simple products and services. The complexity of IT security is confounded by innumerable applications, processing power, the world wide web interface, cross-enterprise collaboration and the like. Cloud computing, though in its nascent stage, has thrown a major challenge to IT security; meeting it would be epochal, and IT services would take a well-deserved leap forward.