The Rebel Alliance had just one opportunity to defeat the Empire’s latest and most deadly weapon, the Death Star. It found a weakness that led all the way to the core of the planet-size weapon, and if just one torpedo could be dropped into it, the Death Star would explode. The rebellion would be saved.
In this scenario, we root for the ones that find and exploit a vulnerability. But what if the tables are turned and it’s your vulnerability being exploited? This is the situation organizations are trying to avoid every day. They deploy an array of cybersecurity measures to protect their digital core.
The digital core of a business comprises critical business processes, data and transactions. It holds the critical systems that keep your business up and running. If your digital core is compromised, revenue—if not the ability to stay in business—is in jeopardy.
Within the many tiers of your production systems, your digital core includes elements such as load balancers, gateways, servers, network devices and data storage. These elements are interconnected and interdependent, so disruption or outright failure at any tier threatens to paralyze the entire digital core. For example, if your gateway or API server were to be compromised or shut down unexpectedly, or your third-party data suppliers’ system were to stop functioning, the applications that depend on those APIs would also fail. Therefore, you should include these third parties in your digital core.
How might this situation play out in real life? A few years back, a credit-card company offered an innovative promotion with the goal of extending their brand’s desirability to important new demographics. The program was a raving success—that is, until the CEO started receiving angry letters and emails. It turns out blocks of users were unable to take advantage of the promotion and received no explanation.
Until people started complaining, the company had no idea any problems existed. It took about a week to track down the failure’s root cause, which turned out to be an API call to a tax table supplied by a third party. Needless to say, the negative experience combined with the bad press greatly undermined the goodwill intent of the promotion. The moral of the story: your digital core extends beyond your physical data center.
Leaving the Back Door Open
Because the digital core is critical to your business, building in redundancies and protecting it at all tiers is imperative. Security professionals agree that there is no silver bullet for defense. Instead, they strongly advocate a comprehensive defense-in-depth strategy. Although most businesses do a decent job of defending applications using defense-in-depth principles, they often fall woefully short in applying those same principles across the full extent of their digital core.
How might this scenario play out in real life? Well, for instance, when working with SSH and RDP, businesses often have little knowledge of all the root/control access credentials in their digital core. That’s like locking the front door but leaving the back door unlocked. Today, it’s prudent to assume that bad actors are checking all doors to gain access. In fact, evidence suggests these unmanaged and unmonitored back doors are the principal targets of bad actors, both internal and external. Therefore, IT-security professionals must take care to apply defense-in-depth principles across all tiers of the digital core, both on premises and in the cloud.
Keys to Securing Your Digital Core
The following are keys to securing your digital core:
- Diagram and document all of your digital core’s components. Don’t forget API and cloud dependencies. Start with your network and map it all back to your databases. For this exercise, it’s best to use a large whiteboard with lots of space.
- Make a list of all the people and things that have access to your digital core. But don’t stop there; understand the process of granting new access. How is that process controlled? How can it be bypassed? If it’s bypassed, how would you know?
- Decrypt your encrypted traffic and send it to your other security tools for inspection—DLP, SIEMs, malware scanners, antivirus and so on.
- Adopt multifactor authentication (MFA) for all privileged access as an added layer of identity verification.
- Find and take out old, unused or weakly encrypted access credentials across your environment.
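An added example (not the article's or SSH's own code) of the last two keys above, inventorying access and finding weak credentials: a Python audit of an OpenSSH authorized_keys file that reports deprecated DSA keys and RSA keys below a chosen size. The sample file, the 2048-bit threshold and the constructed key blobs are assumptions.

```python
import base64
import struct
# Added example, not the article's code: audit an OpenSSH authorized_keys file
# for deprecated or undersized keys. The policy thresholds are assumptions.
MIN_RSA_BITS = 2048
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"} | {f"ecdsa-sha2-nistp{b}" for b in (256, 384, 521)}

def _read_string(buf, pos):
    # one SSH wire-format string: uint32 big-endian length, then the bytes
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def inspect_blob(b64):
    # returns (key type encoded inside the blob, RSA modulus bits or None)
    raw = base64.b64decode(b64, validate=True)
    ktype, pos = _read_string(raw, 0)
    if ktype != b"ssh-rsa":
        return ktype.decode(), None
    _e, pos = _read_string(raw, pos)   # public exponent mpint
    n, _ = _read_string(raw, pos)      # modulus mpint (may carry a 0x00 sign byte)
    return "ssh-rsa", int.from_bytes(n, "big").bit_length()

def audit_authorized_keys(text):
    # returns [(line number, finding)] for every key line that fails the policy
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        try:
            idx = next(i for i, t in enumerate(tokens) if t in KEY_TYPES)  # skips options
            ktype, bits = inspect_blob(tokens[idx + 1])
        except (StopIteration, IndexError, ValueError, struct.error):
            findings.append((lineno, "unparseable key line")); continue
        comment = " ".join(tokens[idx + 2:]) or "(no comment)"
        if ktype == "ssh-dss":
            findings.append((lineno, f"deprecated key type ssh-dss ({comment})"))
        if bits is not None and bits < MIN_RSA_BITS:
            findings.append((lineno, f"RSA modulus only {bits} bits ({comment})"))
    return findings
def make_rsa_blob(bits):
    # constructed ssh-rsa blob whose modulus has exactly `bits` bits; not a real key
    n = ((1 << (bits - 1)) | 1).to_bytes((bits + 7) // 8, "big")
    parts = [b"ssh-rsa", b"\x01\x00\x01", (b"\x00" if n[0] & 0x80 else b"") + n]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()
SAMPLE = "\n".join([   # constructed sample file; none of these are real keys
    f"ssh-rsa {make_rsa_blob(1024)} legacy@build01",
    f'from="10.0.0.5" ssh-rsa {make_rsa_blob(4096)} deploy@ci',
    f"ssh-dss {base64.b64encode(struct.pack('>I', 7) + b'ssh-dss').decode()} old@backup",
])
```

Run `audit_authorized_keys(open(path).read())` over each user's file to build the credential inventory; the options-prefixed line shows that `from=`/`command=` restrictions are skipped correctly.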
You’re not trying to blow up planets; you’re just an honest business trying to keep your digital core safe. Your cybersecurity strategy is incomplete unless you employ elements that secure all tiers of the digital core. You must extend your security beyond the application layer so that you keep critical back doors closed. The best practices listed above will strengthen your defenses to help you stay in business.
About the Author
Thomas MacIsaac is a cybersecurity strategist and currently serves as VP Eastern U.S., Canada and Federal Markets for SSH. Thomas has spent over 22 years in the high-tech industry representing many of the foundational and cutting-edge technologies of our time. He regularly consults with Fortune 500 businesses and government agencies on the security topics of data at rest and in transit, identity and access management, APIs, and SIEMs, and he’s a sought-after speaker for audit, compliance and security events.