If you are like most people and myself, you do not go into a bank and have a conversation with a teller when you make a deposit or withdrawal. You probably do not write paper checks and sign them. You have an app on your phone to access your bank account and use one of the thousands of automated teller machines (ATM), around the world to move money in and out of your accounts.
People’s lives are at risk as the healthcare industry transforms patient care with modern IT technologies. Data security and application availability are essential when a patient’s medical information is on the network. Hospitals and medical practices are digitizing healthcare applications like x-rays, CAT scans, medication distribution and surgical procedures using interactive video. In addition, patient care staff are accessing all of this medical information on tablets, phones, and other devices in real-time.
Throughout the history of mankind, whether in warfare or crime, the advantage has swung between offense and defense, with new technologies and innovative tactics displacing old doctrines and plans. For example, the defensive advantage of the Greek phalanx was eventually outmaneuvered by the Roman legion. Later, improvements in fortifications and armor led to castles and ironclad knights, until the invention of gunpowder made them obsolete. In the 20th century, fixed fortifications and trenches were rendered outdated by highly mobile armored forces. In all these examples, the common denominator is that one side’s tactical advantage spawned new ways of thinking among its opponents, eventually degrading that advantage or reversing it completely.
In World War II, the Allies had a significant advantage because they were able to compromise the encryption protocols that the Japanese and Germans used to send sensitive messages. They were able to intercept and decode messages to gain intelligence concerning sensitive military operations.
Businesses need to protect their assets when they are within their protective infrastructure AND when they are actively exposed or placed within the unprotected external world. The tools and procedures needed to protect the internal assets are different from the ones that protect the assets when they leave the confines of the secured network.
Recently Italian bank Unicredit suffered two security breaches. Data of 400,000 customers was stolen, including loan account numbers and Personally Identifiable Information (PII). There is a suspicion the breach had to do with interaction with a 3rd party. This incident is the latest reported in a long history of cyber-attacks against financial institutions. Every hack however, can teach us a lesson.
In the movies (and real life) one often needs to go through the Key Master to get to the destination. The job of the Key Master is to keep control of the access to the locks and barriers that protect important or sensitive material. Sometimes there is one key to get to the hidden rewards while other times, there is a long string of keys that must be maintained and managed. In other situations, the Key Master is more of a Key Maker, generating keys upon request.
The world is changing; it always has but the world is changing faster now than it ever has before. This general change is translating into even bigger changes in the cyber world. Some of the key areas that are evolving aren’t new, like availability or security. Others like automation are maturing quickly, and then there is the ever-present need for “easy.” Easy is a nebulous term, but in this case it refers to ease of procurement, ease of set up, flexibility in platform and ease of ongoing management.
This accelerated change is being driven by different market and business drivers. Some of the key market drivers are compliance, time to market, cyber loss risk, and increased competition around the user experience. This change is acutely felt in the ADC space.
10 years ago, I left my position as the principal architect at a major U.S. financial institution. We developed the standards for how SSL was used inside the bank and their systems. Because of the weakness of ADC hardware at the time, we standardized on the “fastest and lightest” ciphers that would allow us to be compliant for online banking. In today’s age, many would argue that is absolutely foolish. But is it?
We know that SSL has changed a lot in the last 10 years. Old ciphers are now considered insecure, obsolete, and out of PCI compliance. In looking at what many companies have shared about how they deal with SSL, we know there’s a blend of “just enough” cryptography to pass, and “Next-Gen” crypto, as some are calling it. According to Gartner, 50% of traffic in enterprises today is encrypted.
We build security solutions to protect our networks from the rest of the internet, but do we do anything to protect the network from our own employees and users? The first line of protection for your networks is not the firewall or other perimeter security device, it is the education and protection of the people that use the network. People are concerned about having their apartments or homes broken into so they put locks on the doors, install alarm systems, or put surveillance equipment like security cameras around the property. They are vigilant about making sure that an unauthorized intruder cannot enter the home easily without detection and alarms being raised.