Achieving Data Privacy in the Enterprise
By Bill Wills, Systems Solutions Technologies
Monday, 30 May 2005 10:48 EST
In spite of the range of security technologies now deployed, devastating thefts of sensitive data continue to occur. To address these threats, many organizations are looking to deploy data privacy solutions: solutions that protect the data itself, wherever it is held inside the enterprise.
Enterprises worldwide are spending $20 billion per year on IT security, yet very costly breaches continue to occur. In large part, this is because security efforts have mainly been focused on network security rather than data privacy. Data privacy is the process of securing critical data that is being stored, transmitted and used within the enterprise.
The need to augment network security mechanisms with data privacy technologies has never been more vital. Most estimates attribute over half of all security breaches to internal staff, and perimeter mechanisms such as firewalls and intrusion detection systems (IDSs) are ill-equipped to stop a user who is already inside the perimeter and authorized to use the network. Further, even with network security technologies in place, organizations remain exposed to a range of attacks: storage systems can be breached through insecure storage management interfaces, and physical storage media, backup tapes and database servers themselves can be stolen.
Failure to implement a data privacy solution can have a disastrous effect on an organization. For years now, the price organizations have paid when breaches become public has been catastrophic. One estimate states that compromised firms lose, on average, 2.1% of their market value within two days of a breach, which translates into an average loss of $1.65 billion in market capitalization per incident. This is on top of the very real, but harder to quantify, losses that stem from damaged brands and diminished customer trust. Not coincidentally, many firms do whatever they can to keep breaches from becoming public; recent estimates state that only 30% of all security breaches are reported at all.
Whether organizations want it to or not, this will have to change. A range of policies and legislative mandates are dictating a more data-centric approach and, further, are requiring the disclosure of any breach. These mandates are coming in a range of forms:
Regional legislation: the European Union's Data Protection Directive, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), California's Database Security Breach Notification Act (SB 1386), and many others. These laws require that personal data be protected in some fashion, and SB 1386 in particular requires that affected individuals be notified of a breach; its notification duty applies only to data that was not encrypted, which makes encryption the practical way to comply.
Industry-specific legislation: the Health Insurance Portability and Accountability Act (HIPAA) in healthcare and the Gramm-Leach-Bliley Act (GLBA) in financial services set out comprehensive requirements for safeguarding patient and consumer data, respectively.
Commerce policies: the card brands, Visa, MasterCard and American Express among them, each publish security programs (consolidated at the end of 2004 into the Payment Card Industry Data Security Standard, PCI DSS) that mandate specific practices, encryption of stored cardholder data included, as well as notification when a breach occurs.
The bottom line of all of this is that organizations need to address data privacy in a comprehensive fashion. Those that don't, and wait for a legislative mandate, or worse, a security breach, before they do so, will ultimately be taking chances that can put an entire business at risk.
Historically, the challenge in achieving data privacy has been that many of the options available to organizations have been lacking, either in terms of delivering true security, or in terms of prohibitive cost or complexity. Today there are solutions to address data privacy that overcome these obstacles.
Best Practices for Implementation of Data Privacy
A) Selecting Cryptographic Algorithms - Review which cryptographic primitives a data privacy solution relies on, because not every option still in common use is sound. Among symmetric ciphers, AES (and, where legacy compatibility demands it, 3DES) is the appropriate choice; single DES has a 56-bit key and has been brute-forced in practice since 1998, and RC4 is a stream cipher with known statistical biases that is easy to misuse. SHA-1 and MD5 are hash functions, not ciphers: they serve for integrity checks and message authentication codes (HMAC), not for keeping data confidential, and MD5 should be avoided in new designs now that collisions have been demonstrated. Asymmetric (public key) algorithms are orders of magnitude slower than symmetric ones, so bulk data should be encrypted with a symmetric algorithm and public key operations reserved for protecting and exchanging the symmetric keys. Block ciphers such as DES and AES can be used in a number of different modes, such as "electronic code book" (ECB) and "cipher block chaining" (CBC). In nearly all cases CBC is recommended over ECB: in ECB mode the same block of plaintext always produces the same block of ciphertext, so an attacker can see which records share values, build frequency tables, and cut and paste ciphertext blocks between records without knowing the key. Many modes, including CBC, require an "initialization vector" (IV), a block of random bytes fed into the algorithm along with the plaintext. The IV need not be secret, but it must be unpredictable and fresh for every encryption; reusing an IV under the same key reveals whether two records begin with the same data. Finally, CBC protects confidentiality only. Ciphertext can still be altered in ways that decrypt to a changed plaintext without any error, so an integrity check such as an HMAC over the ciphertext, computed under a separate key, should accompany every encrypted value.
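To make the mode comparison concrete, here is an added example in Go (not code from the article or from Systems Solutions Technologies) that encrypts a constructed record with AES in ECB and in CBC mode, counts how many distinct ciphertext blocks each produces, and then wraps the CBC output in an HMAC-SHA256 tag so that a modified ciphertext is rejected instead of silently decrypted. The record contents and the fixed demo keys are assumptions made for the example; real keys come from the key management layer described below.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SampleRecord is a constructed 64-byte record of four identical 16-byte fields,
// standing in for a column whose default value repeats across many rows.
var SampleRecord = bytes.Repeat([]byte("ACCOUNT-STATUS=A"), 4)

// blockCipher builds the AES instance and insists on whole blocks (no padding here).
func blockCipher(key, data []byte) (cipher.Block, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("data must be a whole number of 16-byte blocks")
	}
	return block, nil
}

// EcbEncrypt encrypts each block independently; included only to expose its leak.
func EcbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := blockCipher(key, plaintext)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(out); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// CbcEncrypt chains blocks under a fresh random IV, stored as the first block.
func CbcEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := blockCipher(key, plaintext)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plaintext)
	return out, nil
}

// CbcDecrypt accepts altered ciphertext without complaint: CBC is confidentiality only.
func CbcDecrypt(key, data []byte) ([]byte, error) {
	block, err := blockCipher(key, data)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(out, data[aes.BlockSize:])
	return out, nil
}

// DistinctBlocks counts different 16-byte blocks; fewer distinct blocks than
// plaintext blocks means equal plaintext blocks are visible in the ciphertext.
func DistinctBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])] = true
	}
	return len(seen)
}

// tagOf is HMAC-SHA256 over the whole CBC output, IV included.
func tagOf(macKey, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(nil)
}

// Seal is encrypt-then-MAC under a MAC key separate from the encryption key.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	ct, err := CbcEncrypt(encKey, plaintext)
	if err != nil {
		return nil, err
	}
	return append(ct, tagOf(macKey, ct)...), nil
}

// Open verifies the tag in constant time and refuses to decrypt on mismatch.
func Open(encKey, macKey, sealed []byte) ([]byte, error) {
	n := len(sealed) - sha256.Size
	if n < 0 || !hmac.Equal(sealed[n:], tagOf(macKey, sealed[:n])) {
		return nil, errors.New("integrity check failed: ciphertext was modified")
	}
	return CbcDecrypt(encKey, sealed[:n])
}

func main() {
	key, macKey := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32) // demo keys only
	ecb, _ := EcbEncrypt(key, SampleRecord)
	sealed, _ := Seal(key, macKey, SampleRecord)
	fmt.Println("distinct blocks, ECB:", DistinctBlocks(ecb), "CBC:", DistinctBlocks(sealed[aes.BlockSize:5*aes.BlockSize]))
	sealed[0] ^= 0x01 // flip one IV bit: CbcDecrypt alone would return the record with its first byte changed
	_, err := Open(key, macKey, sealed)
	fmt.Println("Open on tampered record:", err)
}
```

ECB yields a single distinct block for the four-block record, CBC yields four, and `Open` rejects the ciphertext after a one-bit change that `CbcDecrypt` would have passed through as a changed first byte. The MAC key is deliberately separate from the encryption key; deriving both from one secret is the usual shortcut that turns a key compromise into loss of both properties at once.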
B) Key Management - Key management is a fundamental consideration when deploying a data privacy solution. If the keys used to protect sensitive data within an enterprise are not properly secured, attackers may be able to gain access to this data with relative ease. In a highly secure environment it is important to generate and manage keys centrally, with strict access privileges enforced. For example, keys scattered across multiple application servers are significantly more difficult to manage and protect than keys held on a centralized platform. A specialized hardware device in which all cryptographic operations are performed and from which keys are never exported in the clear (a hardware security module, or HSM) is highly recommended. It is good practice to protect data with newly generated keys periodically; re-encrypting data with a new key at least once a year is recommended. Rotation is only practical if every stored ciphertext records which key version produced it, so that data encrypted under the old and the new key can coexist while the re-encryption runs. An important consideration when rotating keys is managing backups and archives: an enterprise must ensure that critical data cannot be compromised through the combination of an old key and archived data, while still being able to guarantee access to that data when necessary. In practice this means retaining each retired key, under the same protection as the current one, until everything encrypted with it has been re-encrypted or destroyed.
C) Authentication, Authorization and Auditing - Enterprises need a secure way to identify the people and systems that require access to sensitive data. In implementing a solution, administrators must decide what data will be accessible and who will have access to it, and enforce that decision on every request. Authentication can rest on passwords, client certificates, biometrics or hardware tokens; authorization is the separate decision, made once identity is established, of which operations that identity may perform on which data. Auditing is an extremely important part of a data privacy solution. It allows an enterprise to determine who did what at any given point in time, including when authentication and authorization were granted or denied to an entity. A data privacy solution should offer robust logging and support log signing, so that an attacker cannot alter or delete log entries without detection; the signing key must not be available on the systems being audited, or a successful intruder could simply re-sign the altered log. Logs should be analyzed regularly for anomalous activity that could indicate an attack on the enterprise.
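The log signing requirement is easiest to understand in code. The following Go program is an added example and not part of the article: each audit entry carries an HMAC-SHA256 tag computed over the entry and the previous entry's tag, so editing or deleting any entry breaks the chain from that point on, and a separately stored checkpoint of the final tag catches truncation of the tail, which the chain alone cannot see. The event lines and the key are constructed for the example. The article's recommendation is a signature produced by the security device itself; an HMAC only approximates that, because whoever holds the MAC key can forge the chain, so the key belongs with the verifier (or the HSM), never on the audited host.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// SampleEvents are constructed audit records in the order they were produced.
var SampleEvents = []string{
	"2005-05-30T10:48:00Z authn user=jsmith result=ALLOW",
	"2005-05-30T10:48:05Z authz user=jsmith object=CUSTOMER.SSN action=DECRYPT result=ALLOW",
	"2005-05-30T10:49:12Z authz user=jsmith object=CUSTOMER.SSN action=EXPORT result=DENY",
	"2005-05-30T10:50:00Z authn user=mallory result=DENY",
}

// AuditLog stores each event with an HMAC-SHA256 tag computed over the event
// and the previous entry's tag. Editing, reordering or deleting an entry then
// breaks the chain from that point on.
type AuditLog struct {
	key   []byte
	prev  []byte   // tag of the last entry; all zeros before the first one
	Lines []string // serialized entries: "<tag hex>\t<event>"
}

func NewAuditLog(key []byte) *AuditLog {
	return &AuditLog{key: key, prev: make([]byte, sha256.Size)}
}

func tag(key, prev []byte, event string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(prev)
	m.Write([]byte(event))
	return m.Sum(nil)
}

// Append signs the event and links it to the previous entry.
func (l *AuditLog) Append(event string) {
	l.prev = tag(l.key, l.prev, event)
	l.Lines = append(l.Lines, hex.EncodeToString(l.prev)+"\t"+event)
}

// LastTag is the checkpoint to store off-host (or inside the HSM) so that
// silent truncation of the tail can be detected as well.
func (l *AuditLog) LastTag() string { return hex.EncodeToString(l.prev) }

// Verify re-walks the chain. It returns the final tag it reached and the index
// of the first bad entry, or -1 if every entry checks out. Compare the returned
// tag with the stored checkpoint: the chain alone cannot see entries removed
// from the end.
func Verify(key []byte, lines []string) (lastTag string, bad int) {
	prev := make([]byte, sha256.Size)
	for i, line := range lines {
		parts := strings.SplitN(line, "\t", 2)
		if len(parts) != 2 {
			return hex.EncodeToString(prev), i
		}
		want, err := hex.DecodeString(parts[0])
		if err != nil || !hmac.Equal(want, tag(key, prev, parts[1])) {
			return hex.EncodeToString(prev), i
		}
		prev = want
	}
	return hex.EncodeToString(prev), -1
}

func main() {
	key := []byte("constructed-log-signing-key") // would be held by the verifier, not the app host
	l := NewAuditLog(key)
	for _, e := range SampleEvents {
		l.Append(e)
	}
	edited := append([]string(nil), l.Lines...)
	edited[2] = strings.Replace(edited[2], "result=DENY", "result=ALLOW", 1)
	_, bad := Verify(key, edited)
	fmt.Println("first bad entry after editing line 2:", bad)
	last, bad := Verify(key, l.Lines[:3])
	fmt.Println("truncated log: chain ok =", bad == -1, ", matches checkpoint =", last == l.LastTag())
}
```

Changing the EXPORT denial into an approval is flagged at index 2, removing an entry is flagged at the entry that followed it, and dropping the last entry passes the chain check but fails the checkpoint comparison, which is why the checkpoint must be written somewhere the log writer cannot reach.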
D) Backup, Restore and Disaster Recovery - Backup and restore capabilities are critical to ensure that an environment can be recreated in the event of a disaster. It is also important to be able to replicate an existing environment in order to scale with the needs of the enterprise. A good solution provides a secure mechanism for backing up and restoring all keys together with the relevant configuration. Key backups must themselves be encrypted, under a key stored separately from the data backups: a key backup sitting on the same tape as the encrypted data it protects defeats the purpose of encrypting that data.
E) Encrypting multiple columns in a database - It is strongly recommended to use a different encryption key for each encrypted column. That way, even if an attacker manages to compromise a single key, the rest of the encrypted columns remain secure. The only reason to use a single key for multiple columns is when the columns all contain values drawn from the same set and encrypted values have to be compared with each other to determine equality (for example, to perform a join). Note that such comparisons only work if encryption is deterministic, meaning the same plaintext always yields the same ciphertext, and the pattern leakage described for ECB mode then reappears; limit deterministic encryption to the columns that genuinely need it.
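Points B and E together describe a key ring with an independent key per column, a version number per key, and a re-encryption step for rotation. The Go program below is an added example illustrating both (it is not code from the article): every ciphertext starts with the version of the key that produced it, rotation adds a version without removing the old one, `ReEncrypt` migrates a stored value, and `Retire` destroys old versions once nothing depends on them. It uses AES-GCM, an authenticated mode that NIST standardized after this article was written, because Go's standard library provides it; the column names, sample values and in-memory ring are assumptions made for the example, and a production ring would be an HSM or key server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// KeyRing keeps an independent key per column, numbered by version, so a stolen
// key exposes one column only and rotation can proceed one row at a time. This
// in-memory ring stands in for the HSM or key server a production system uses.
type KeyRing struct {
	current map[string]int            // column -> version used for new writes
	keys    map[string]map[int][]byte // column -> version -> 256-bit AES key
}

func NewKeyRing() *KeyRing {
	return &KeyRing{current: map[string]int{}, keys: map[string]map[int][]byte{}}
}

// Rotate adds a fresh key for column and makes it current; old versions stay readable.
func (r *KeyRing) Rotate(column string) error {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return err
	}
	if r.keys[column] == nil {
		r.keys[column] = map[int][]byte{}
		r.current[column] = -1
	}
	r.current[column]++
	r.keys[column][r.current[column]] = k
	return nil
}

func (r *KeyRing) aead(column string, version int) (cipher.AEAD, error) {
	k, ok := r.keys[column][version]
	if !ok {
		return nil, fmt.Errorf("no key version %d for column %s", version, column)
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt emits version || nonce || AES-GCM ciphertext+tag. The column name is
// bound as associated data, so a value cannot be replayed into another column.
func (r *KeyRing) Encrypt(column string, value []byte) ([]byte, error) {
	ver := r.current[column]
	g, err := r.aead(column, ver)
	if err != nil {
		return nil, err
	}
	hdr := 4 + g.NonceSize()
	out := make([]byte, hdr, hdr+len(value)+g.Overhead())
	binary.BigEndian.PutUint32(out, uint32(ver))
	if _, err := io.ReadFull(rand.Reader, out[4:hdr]); err != nil {
		return nil, err
	}
	return g.Seal(out, out[4:hdr], value, []byte(column)), nil
}

// Decrypt uses the key version named in the header; a wrong key, wrong column
// or altered byte all surface as an authentication error.
func (r *KeyRing) Decrypt(column string, blob []byte) ([]byte, error) {
	if len(blob) < 4 {
		return nil, errors.New("ciphertext too short")
	}
	g, err := r.aead(column, int(binary.BigEndian.Uint32(blob)))
	if err != nil {
		return nil, err
	}
	hdr := 4 + g.NonceSize()
	if len(blob) < hdr+g.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[4:hdr], blob[hdr:], []byte(column))
}

// ReEncrypt rewrites one stored value under the current key; run it over every
// row and every backup after Rotate and before Retire.
func (r *KeyRing) ReEncrypt(column string, blob []byte) ([]byte, error) {
	pt, err := r.Decrypt(column, blob)
	if err != nil {
		return nil, err
	}
	return r.Encrypt(column, pt)
}

// Retire destroys every version older than the current one; data still
// encrypted under them becomes unrecoverable, which is the point.
func (r *KeyRing) Retire(column string) {
	for v := range r.keys[column] {
		if v < r.current[column] {
			delete(r.keys[column], v)
		}
	}
}

func main() {
	r := NewKeyRing()
	r.Rotate("ssn")
	old, _ := r.Encrypt("ssn", []byte("123-45-6789")) // constructed sample value
	r.Rotate("ssn")
	fresh, _ := r.ReEncrypt("ssn", old)
	r.Retire("ssn")
	_, errOld := r.Decrypt("ssn", old)
	pt, _ := r.Decrypt("ssn", fresh)
	fmt.Printf("old ciphertext: %v; version %d decrypts to %s\n", errOld, binary.BigEndian.Uint32(fresh), pt)
}
```

The `Retire` step is where the backup caveat from point B bites: any tape that still holds version-0 ciphertext is unreadable once version 0 is gone, so the order is rotate, re-encrypt every row and every backup, and only then retire.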
F) Pre-migration backups - Even once sensitive information in production databases is protected, sensitive data may still exist in the clear in backups taken before the migration, on tape and in database dump files. An enterprise must identify all of these copies, take fresh backups in which the sensitive information is protected, and then destroy the old ones.
These are just a few of the areas that must be considered in implementing a solid data privacy solution. It is critical that enterprises address data privacy by deploying security solutions for critical data both in transit and at rest.