Why knowing how your data behaves is the key to cyber security

By Bart Coole, Country Manager Belgium and Luxemburg at VMware

April 8, 2019

Data is everywhere. Whether on your phone, an MRI scanner in a hospital or being generated by IoT, such as sensors in an off-shore windfarm, we are increasingly surrounded by data. It is essential in our hyper-connected world because it generates the foundation of a revolution which is allowing us to achieve more than ever before. Securing that data has never been more critical – or more difficult.

That is because potential vulnerabilities in networks carrying data are emerging at almost the same pace as the growth in the data that traverses them. There are also the added complexities of understanding where data is, what state it is in and how these affect the strategies being implemented to secure it. This has already made traditional approaches to cyber security largely redundant.

Defending against evolving threats

Securing digital assets – by providing a secure path for data to traverse networks, clouds, devices and to arrive in the hands of users where it is needed – is now fundamental. Twenty years ago, the prevailing perception of a “cyber crook” was of a lone keyboard warrior in a basement somewhere. That has all changed. Countries wage digital warfare, organised crime syndicates coordinate huge operations to harvest and exploit information, hacktivists target anyone they deem to be immoral or unethical. Their aims may be different, but they all have one thing in common – they do not care where you keep your data. They only care how they can access and exploit it.

Why? Because even with data everywhere, trying to get at the really important stuff can be too much like hard work for the average cyber-criminal. Why even sweat the difficult stuff at all when an innocent mobile phone connected via an obscure workaround, into a corporate network, or a smart heating hub, or a turbine, is a much easier backdoor?

Where does that leave security? Suddenly you aren’t only having to worry about securing traditional repositories such as data centers in the way you might have done 15 years ago. Now you have to think about everything that generates, stores, sends and might give access to your data. Do you even know where all of those might actually be in the modern world? The potential surface area from which you can be attacked has grown exponentially and continues to do so.

You can’t any longer simply rely on sticking it all behind a single, massive firewall around your network perimeter. The complexity of threats are evolving constantly, and big hard firewalls can’t adapt in line with the real-time nature of end-to-end attacks, where data in transit is vulnerable in new ways. You need an approach that evolves and adapts as quickly as the threat landscape does. That new and radical approach is encompassed by the rapidly emerging discipline of software-defined security to provide cyber-hygiene.

Two types of data, an infinite number of combinations

You can think about data in many ways, but there’s a simple way to approach it from a security perspective – data in transit or data at rest. Data in transit is on the move – traversing from data centers into the cloud, to a device, an application, back to the cloud, and so on.

Data at rest is data stored anywhere digitally and at a particular point in time, is stationary and not moving around a network – in one of those locations previously listed, for instance. Typically this is where data is translated into contextual information.

The value and risks associated with data vary depending on whether it is in transit or at rest and so should the ways you secure it. A deep understanding of what your data is doing at any particular point in time, what it should be doing, when it should be doing it and who is actually responsible for it, is the key to a more flexible, automated, security approach.

Gaining this profound real time insight into what’s happening with your data is critical. You need to learn what ‘good’ looks like. By being able to identify what that should be, you’re then able to utilise new technologies such as AI to identify when something deviates from this and it will halt that operation or data transaction autonomously.

To be clear, this is a much more nuanced task than just being able to identify a deviation from a fixed state of ‘normal’. In modern IT environments, ‘normal’ is in a constant state of evolution and flux – applications and data continually update, interconnections between apps, microservices, containers and VMs may change and evolve, all for perfectly valid planned reasons. The trick is to be able to distinguish between this kind of change and deviations from the norm that are actually due to security breaches – this is a much more sophisticated task and is why adaptive security technologies based on AI and machine learning are becoming essential.

“Thing” first?

In order to learn what good looks like, you need to approach your security from a position that historically cyber security has never taken – that of the user and increasingly, that of the “thing”. Why “thing”? Because with data everywhere, it’s just as likely that what’s accessing or producing the data is a “thing”- a sensor on a device at the Edge as it is a human end-user. For example that offshore windmill isn’t staffed. Equally a human isn’t involved in transferring data from an MRI scanner to a central data collection point – both are examples of autonomy, enabled by the so-called Internet of Things (IoT).

It’s also the single biggest link in the chain that in traditional security, will have been overlooked. Which is why it is the most likely to be targeted.

This approach is critically important in a modern decentralised organisation. Imagine you’re a university, where your intellectual property is at the core of your academic standing and, increasingly, a major source of revenue. Historically you might share that IP in lectures, where students took notes, before writing them up on computers all housed in central locations – the library, for instance. Everything could be secured with a perimeter firewall because everything was isolated within the local network infrastructure.

Fast forward to today, and lectures are as likely to be virtually attended as they are presented to a theatre full of undergraduates; seminars can be interactive from anywhere meaning that all reading IP, material and comments are shared across online hubs and accessed from bedrooms, aeroplanes or wherever else the student happens to be. Those students may not even have ever set foot on campus.

How do you secure and ensure your valuable IP doesn’t get stolen? The answer is to secure the user and their interaction with the data. After this, predicting trends and behaviours is simpler, allowing organisations to work backwards and to eventually focus on the digital foundation supporting needed to support the innovation of apps and tools.

From this point, you are in a position to identify what ‘good’ looks like – what data and apps are required by which users and how they need to access them, what apps need to connect with which other apps and resources to deliver these requirements leading to adaptive security. By adopting flexible, automated security policies this allows you to deal with even brand-new zero-day threats in real-time

Shrinking the visible surface area of your infrastructure to limit what can be attacked is also a key objective of modern transformed security. Consider the university once more – by taking  a user-centric approach and focusing on what the end-user is allowed to access, rather than the device they are trying to use, unsecured personal devices no longer represent an easy target as a route for cyber intrusion.

Know how your data behaves

All this change seems very complex. It is also a major philosophical change from what has been considered as security gospel for the last thirty years. But the fact is, the world has changed out of all recognition. Cyber attacks are becoming ever more sophisticated. Every time we connect a new device or turn it into a new source of compute at the Edge, we create a new potential target for attack.

To ensure that we don’t inadvertently deliver breach opportunities on our networks, we must learn to put the human or edge devices front and centre. With data everywhere, both inside and outside the networks, we need a different approach to security: security has to be everywhere – it needs to be multi-layer to make things as hard as possible for cyber criminals to penetrate and manoeuvre.

Finally, the threat landscape is incredibly dynamic with hundreds of thousands of instances of new zero-day malware appearing every day. The only way to combat threats on this scale is to make your newly transformed security equally dynamic, adaptive, and autonomous. That’s the fundamental difference between,  cyber-hygiene which is essential today, versus the traditional perimeter-based cyber-security of the past.


Watch video

In the same category