Technology and security practices continue to evolve, with a considerable shift in strategic focus in recent years. Current thinking is that legacy perimeter security can no longer serve as the trusted means to foil attackers. Some even contend that legacy perimeter security no longer has validity at all—especially in the cloud.
Two approaches have arisen to contend with this reality that packet inspecting walls around organizations no longer work. The first relies on the premise that attackers will eventually gain access and security teams need to find and stop them as quickly as possible. The second focuses on the idea of securing data directly. Regardless of what is happening in surrounding infrastructure, data can be locked down and protected from would-be attackers or rogue insiders. Data becomes, effectively, self-securing.
Finding true, early signs of an attack and directing resources for swift remediation has been the holy grail for security teams for years. Early IDS and IPS systems tried to nab malicious software and attacks and mitigate its effects. SIEMs were designed to serve as a comprehensive information center for threat detection, compliance and security incident management. SOCs were organized as a central command post to investigate, triage, and respond to significant incidents in real-time. Emerging products and categories, such as EDR, UEBA, NTA and XDR, have sought to find early attack activity with speed and fidelity—with varying results.
Absolute data security is the more promising approach but has taken a circuitous path to adoption. DLP has evolved significantly to add protection and policing to data. Zero-trust asserts a “trust no one” approach to control user access to applications, and, more recently, to public and private cloud data. Hardware security modules (HSMs) have provided more expensive and vastly more complex mechanisms for data security. And encryption has become almost universally deployed—especially for data at rest and in transit.
While this is certainly a move in the right direction, it leaves a dangerous gap in the ability to fully lock down data. Data may be protected while in motion or stored on disk, but it’s still left fully in the clear during runtime. Insiders or attackers who can gain access to systems and servers also gain unimpeded access to data, code and algorithms residing in unencrypted memory. Lack of runtime data encryption completely undermines the effectiveness of encrypting data in motion or at rest. Encryption keys are fully exposed in memory—giving even unskilled attackers the ability to gain access to applications, storage and communication systems.
But that’s now changing. It’s now possible to protect data and applications at runtime. Hardware-grade encryption or isolation for runtime data are built into the latest generation of microprocessors—now widely available in the public cloud. Unfortunately, this requires modifying applications to take advantage of this capability.
New software technologies are available that allow enterprises to access this protection without requiring any changes to existing applications or processes. This confidential cloud software enables applications—even unmodifiable packaged and legacy software—to be deployed securely as is, while extending the hardware runtime encryption to data at rest and in motion. Finally, we now have a seamless layer of encryption that covers all three states of data.
Seamlessly locking down data is a critical leap for security effectiveness. It keeps insiders and bad actors who gain access to a host from using critical data. One of the central tenets of security strategy has been implementing security in layers and using multiple systems, policies and procedures to add a decisive advantage against the inevitability of a breach without completely replacing other systems. Seamless and gapless data encryption adds the ability to keep data away from both insiders and attackers with very little cost, virtually zero overhead and no changes to process or personnel.
This doesn’t eliminate the possibility that attackers will try to find a way to evade capture. They continue to advance their game—with the fundamental advantage of unlimited opportunities to wreak havoc. However, fully locking down data will dramatically shift these odds and restore an almost absolute data security advantage to defenders.