Data Security - A Look Back
In the context of security for data at rest, we are often satisfied with access control that prevents unauthorized access to the data and encryption solutions that encrypt it. With these we can prevent a malicious user from reading stored data. Disk encryption works well where the disk is not under our physical control, such as portable devices or a disk in the cloud. In the cloud it ensures that the cloud service provider cannot read our disk from outside our system. But does that hold for the cloud provider's super admin with access to the hypervisor on which the VM is created? We trust cloud providers to implement proper segmentation and access control on the hypervisor so that access to a VM's network and attached disks can be controlled.
File-level encryption prevents OS admins or network admins, who have access to all storage attached to a system, from accessing data without a key. We see this in practice for database files, where most critical data lives, but we rarely see it for files stored directly in a file system. Many files, such as inbound or outbound files or inter-ERP integration files, may contain sensitive information. All such files must be encrypted and shared only in encrypted form, and the encryption and decryption should preferably be done by the application rather than the OS. Now what about data in trace files, log files, dump files, etc.? Critical information may end up there, and the files may just sit in the file system for someone to stumble upon. Encrypting these files is not very practical; data masking is a better proposition, and it should be built in deeply during the application architecture. The same applies to almost all types of data, in all places and phases of its life cycle, including backups and even when we destroy a disk or a backup.
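The masking argued for above can be built into the application's own logging path, so sensitive values never reach a trace or log file at all. The following is an added example, not code from the original post; it uses Python's standard logging module, and the patterns, logger name and sample events are constructed assumptions.

```python
import io
import logging
import re

# Constructed patterns (assumption: the application knows which fields are
# sensitive; these three are illustrative, not an exhaustive classification).
CARD_RE = re.compile(r"\b\d{13,16}\b")
EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-])[A-Za-z0-9._%+-]*@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")
SECRET_RE = re.compile(r"(?i)\b(password|token|secret)=([^\s,;]+)")


def mask(text: str) -> str:
    """Mask sensitive values: keep only the last four card digits, the first
    character of an e-mail local part, and the key name of a secret."""
    text = CARD_RE.sub(lambda m: "*" * (len(m.group(0)) - 4) + m.group(0)[-4:], text)
    text = EMAIL_RE.sub(lambda m: f"{m.group(1)}***@{m.group(2)}", text)
    text = SECRET_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)
    return text


class MaskingFilter(logging.Filter):
    """Masks the fully formatted message before any handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask(record.getMessage())
        record.args = None  # already formatted; prevent a second %-formatting
        return True


def write_masked_log(events: list[str]) -> list[str]:
    """Log each event through the masked logger into an in-memory stream
    (standing in for a log file on disk) and return the written lines."""
    stream = io.StringIO()
    logger = logging.getLogger("integration.export")  # constructed name
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(MaskingFilter())  # logger filters run before any handler
    for event in events:
        logger.info("%s", event)
    return stream.getvalue().splitlines()


# Constructed sample events of the kind that tend to leak into trace files.
SAMPLE_EVENTS = [
    "payment ok card=4111111111111111 customer=jane.doe@example.com",
    "ERP sync failed for bob@example.org; retry with token=eyJabc.def.ghi",
]

if __name__ == "__main__":
    for line in write_masked_log(SAMPLE_EVENTS):
        print(line)
```

Because the filter sits on the logger rather than on one handler, every file, console or remote handler attached later receives the masked message.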
With infrastructure as code, this is true even for other resources. Perimeter security across workloads is expected by default, but threats can be inside the perimeter as well. With dynamic workloads in the public cloud, the security landscape is shifting toward accepting that security may already have been compromised and toward preventing an attacker from gaining further advantage from a compromised resource. In our capacity, we must put the required security controls, such as encryption, authentication, separation of duties, access control, segmentation, isolation, inspection, image signing and runtime protection, in place from the architecture stage onward to reduce and contain the attack surface. Finally, we need proactive continuous monitoring to detect and mitigate any suspected breach or attempt at one.