Divide & Distribute: Counter the Flux of Security Breaches

“Behold, the fool saith, ‘Put not all thine eggs in the one basket’ – which is but a matter of saying, ‘Scatter your money and your attention’; but the wise man saith, ‘Put all your eggs in the one basket and – WATCH THAT BASKET.’” – Mark Twain

Mark Twain’s logic has been the staple of data protection for many years. However, in the wake of recent mega data breaches such as those at JP Morgan Chase, Sony Studios and Anthem, it’s apparent that the old common sense doesn’t work anymore.

Putting all the eggs in one basket: The pitfall of today’s IT systems

Security is associated with control. The common-sense approach to control is ‘Centralize & Secure’: limit the number of sensitive, confidential or high-value data repositories, and watch them well.

But what does ‘watch them well’ mean? Mostly: encrypt some of them, limit access to them via policy, isolate them (as far as possible) from the network, etc. Looking at a typical IT system, we find the following:

  • Data is stored in central repositories. If distributed, it’s spread across very few locations.
  • Security credentials (passwords, encryption keys, certificates, etc.) are stored in a single repository, either a secure one (e.g. an HSM) or, most often, an insecure one.
  • Privileged users (administrators): A very small number of users have unrestricted access to the limited-access resources.

Results? Well, not so good, given the increasing number of massive security breaches and data thefts we’re witnessing almost on a daily basis.