Adapting Your Access and Security Playbook to Mitigate Risk
While details are limited on the SolarWinds cyberattack, what does seem definite is that malicious software, injected into SolarWinds, opened a security hole to allow other malicious actions to be possible. A key element of its success is that SolarWinds network monitoring (and other services) operates at the highest access privileges, rendering traditional access-based security ineffective. We’ve assembled some thoughts on how to better protect your organization and the primary target – your data – from this type of cyberattack.
3 Plays to Mitigate the Damage of a Solar Winds Style Cyberattack
- Eliminate single points of failure — Putting all your security eggs in one basket, with SolarWinds, or any other software for that matter, to monitor and police security, creates a significant weakness. In a blog on the cyberattack, Brad Smith, President of Microsoft, talks about the need for “focus on the collective action that is indispensable to cybersecurity protection.” While his advice is in the context of information sharing between government agencies and their vendors, this sentiment should extend to an organization’s overall security approach as well. Don’t put your trust in a single piece of software. Second (and even third) sources of intel should be collected and used in conjunction to make decisions. Multiple tools give you the broadest picture of issues and offer the most effective protection.
- Update your access management playbook — Most companies use the traditional go-to approach for security, pre-assigning individual access rights for each user or group for each application, file, field, chat, etc. This is like pre-assigning every play, for every player, for an entire football season – before the season starts. The complexity and number of combinations that have to be decided on in advance, render the approach prone to compromise. And security and compromise never belong in the same sentence (except for maybe this one). Attribute-based access control (ABAC) significantly improves the pitfalls of a traditional security approach. It controls access by comparing attributes of a user’s connection and security context against a file’s classification attributes. It results in a far smaller set of security policies that cater for a much wider set of permutations.
- Zero Trust Should Extend to Every User and Every File — If your mother told you to trust no one; she was (as it turns out) right. Zero Trust has become the emerging standard for network security, but it also needs to extend to the application – and more importantly the file level. Security should provide the minimum amount of access, for the minimum amount of time to a file, while still enabling the user to do their job. ABAC policies enable you to evaluate and tailor each request to access content to the user and situation. For example, depending on the file attributes and user context, tools like NC Protect that utilize ABAC policies can:
- Dynamically hide a file from a user,
- Tailor encryption,
- Disable actions within the application UI to control what a user can do with the file,
- Force viewing of sensitive content in a secure reader, or
- Provide time limited document access to an authorized user (limited to minutes or hours based on the perceived risk).
Now is the Time to Update Your Access and Security Playbook for 2021
Malicious actors aren’t going away any time soon. In 2021 cyberattacks will continue to plague us and evolve using tactics never seen before. By layering defenses and employing modern approaches to information security and access, the security holes created by a SolarWinds style of breach can be more effectively mitigated. The in-transit protections that ABAC security tools offer not only help limit damage in the case of a malicious code injection, they also extend protection to everyday scenarios where data is accidently lost, stolen by a trusted malicious user, or exposed through a security hole. A modern data-centric security strategy applied as information is being accessed and/or transferred more effectively mitigates potential loss.
Learn how NC Protect leverages Azure Information Protection for dynamic, fine grained access and sharing control.