Defense in Depth Security
Cybersecurity is top of mind for executives as security breaches, ransomware attacks, and credential phishing of prominent enterprises splash across front page news every week. Although awareness is a good start, most security professionals still think of defense in depth security the way it was 5 or 10 years ago with firewalls, monitoring appliances, and device encryption.
Unfortunately, what worked in years past for security has very little applicability in today's era of cloud and mobile computing. That is why CCO developed a security model that, over the past 3-4 years, has provided significantly better security of data, content, and systems.
To better understand what this really means for organizations, here is a client engagement scenario showing how CCO modernized an organization's entire security model, leveraging tools and technologies the customer already owned (and wasn't using), to address security in a significantly more efficient and effective way.
Background: One Friday evening a few months ago, the Chief Financial Officer of a BioTech firm contacted CCO President Rand Morimoto (whom the CFO knew through personal connections) with a concern that their organization may have been hacked.
CCO's Involvement: Rand connected with the CFO and the I.T. team, remoted into their environment, and within a few minutes confirmed that the organization had indeed been hacked: logs showed access to the CFO's emails and other content from an international location the CFO had never been to. Rand worked with the organization's I.T. team to immediately change passwords and block access from the external connection, and began forensics to determine the extent of the breach.
CCO found that while the organization had fairly standard security protocols and processes in place to detect unwanted intrusions, a simple phishing attack that captured the executive's logon and password allowed the perpetrator to log in remotely "as" the executive, slipping right through expensive firewalls and intrusion detection devices. The security systems the organization had were great when they were implemented a decade earlier, but were vulnerable to modern cyberattacks.
CCO's Solution: After validating that the breach was caught quickly enough that the intrusion did not pose a long-term effect on the organization, CCO embarked on a process to modernize the organization's security solutions around a new Defense in Depth model based on Who, What, Where, When, and How security. CCO enabled an identity system with multifactor authentication, requiring more than just a logon and password: users also needed a device (phone and/or digital cardkey) to log on and validate themselves to the system. Content (emails, files, databases, etc.) was auto-tagged with classifications tied to policies that allow (and prevent) access based on WHO the person is and their role in the organization, and WHAT content the person needs access to. Each corporate site is tagged with a locality so certain content can only be accessed WHERE the organization deems applicable (at a corporate site or home office location), and company-owned and employee-owned devices determine HOW content is accessed, from specific known and approved systems.
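To make the Who/What/Where/When/How model concrete, here is a small policy evaluator written as an added example for this page. It is not CCO's or Microsoft's code, and the role names, site names, content labels, device inventory and access hours below are constructed assumptions. It illustrates the point of the breach scenario above: a request that presents a correct username and password but lacks the second factor, comes from an unapproved location at an unusual hour, and originates from an unknown device is denied on every one of those dimensions, while the same executive on a managed laptop at headquarters during business hours is allowed.

```python
"""Illustrative Who/What/Where/When/How access-policy evaluator.

Added example, not code from CCO or from any Microsoft product. All roles,
sites, classifications, device identifiers and hours are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str                 # WHO: role assigned by the identity system
    mfa_verified: bool        # WHO: second factor (phone / cardkey) completed
    classification: str       # WHAT: label auto-tagged on the content
    site: str                 # WHERE: locality the session originates from
    hour: int                 # WHEN: local hour of the request, 0-23
    device_id: Optional[str]  # HOW: device identifier, None if unknown


@dataclass(frozen=True)
class Policy:
    classification: str
    allowed_roles: Set[str]         # "*" means any role
    allowed_sites: Set[str]         # "*" means any location
    hours: Tuple[int, int]          # inclusive start hour, exclusive end hour
    require_mfa: bool
    require_managed_device: bool


# Constructed inventory of company-owned, approved devices.
MANAGED_DEVICES: Set[str] = {"LAPTOP-CFO-01", "LAPTOP-ACCT-07"}

# Constructed policies keyed by content classification label.
POLICIES: Dict[str, Policy] = {
    "Public": Policy("Public", {"*"}, {"*"}, (0, 24), False, False),
    "Internal": Policy("Internal", {"employee", "finance", "executive"},
                       {"*"}, (0, 24), True, False),
    "Confidential-Finance": Policy("Confidential-Finance",
                                   {"finance", "executive"},
                                   {"HQ", "HomeOffice"}, (6, 22), True, True),
}


def evaluate(req: AccessRequest,
             policies: Dict[str, Policy] = POLICIES,
             managed: Set[str] = MANAGED_DEVICES) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons).

    Every failing dimension is reported rather than stopping at the first,
    so a denial is fully auditable. A label with no policy is denied by
    default (a design choice for this example).
    """
    policy = policies.get(req.classification)
    if policy is None:
        return False, [f"WHAT: no policy for classification {req.classification!r}"]
    reasons: List[str] = []
    if "*" not in policy.allowed_roles and req.role not in policy.allowed_roles:
        reasons.append(f"WHO: role {req.role!r} not permitted for {policy.classification}")
    if policy.require_mfa and not req.mfa_verified:
        reasons.append("WHO: multifactor authentication not completed")
    if "*" not in policy.allowed_sites and req.site not in policy.allowed_sites:
        reasons.append(f"WHERE: site {req.site!r} is not an approved location")
    start, end = policy.hours
    if not start <= req.hour < end:
        reasons.append(f"WHEN: hour {req.hour:02d} outside window {start:02d}:00-{end:02d}:00")
    if policy.require_managed_device and req.device_id not in managed:
        reasons.append(f"HOW: device {req.device_id!r} is not a known, approved system")
    return (not reasons), reasons


# Constructed scenario: correct password, but nothing else checks out.
PHISHED_LOGIN = AccessRequest(user="cfo", role="executive", mfa_verified=False,
                              classification="Confidential-Finance",
                              site="Unknown-International", hour=3,
                              device_id=None)

# Constructed scenario: the same executive on an approved device at HQ.
LEGITIMATE_LOGIN = AccessRequest(user="cfo", role="executive", mfa_verified=True,
                                 classification="Confidential-Finance",
                                 site="HQ", hour=10, device_id="LAPTOP-CFO-01")


def demo() -> Dict[str, Tuple[bool, List[str]]]:
    """Evaluate both constructed requests and return the decisions."""
    return {"phished": evaluate(PHISHED_LOGIN),
            "legitimate": evaluate(LEGITIMATE_LOGIN)}


if __name__ == "__main__":
    for name, (allowed, reasons) in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
        for reason in reasons:
            print(f"  - {reason}")
```

Reporting every failing dimension, rather than the first one, matters for a security team: the denial record for the phished session shows at once that the password was accepted but the factor, location, time and device were all wrong, which is exactly the signal the firewall-and-IDS model in the story above never produced.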
The End Result: Start to finish, CCO modernized the organization's security footprint, basing it not on a 10-year-old "datacenter" model but on a security wrapper around data files, emails, and content, so that the potential for cyberattacks through phishing and account compromises was eliminated and data leakage was prevented by 24x7 content protection controls. And since all of this simply leveraged the software licensing the organization already owned (Microsoft's Office 365 and Enterprise Mobility + Security licenses), none of it required any additional hardware or software purchases.
In the new world of I.T., where environments have some content in the cloud and some still on-premises, spanning multiple sites and various cloud services (Microsoft, Box, WorkDay, Oracle, etc.), modernizing security with newer methods is imperative to keep a step ahead of attacks against legacy security models designed and built for a completely different I.T. model.