Digital data is exploding and government agencies are facing a data visibility crisis.
By 2016, analysts predict there will be 760 million tablets in use worldwide and 1 billion people will own smartphones. And according to a survey by CDW Government, 99% of federal IT professionals have deployed mobile devices to agency employees with 44% of federal employees reporting using their personal mobile devices for work purposes.
Add to that the fact that today the average worker may have nearly 20 gigabytes (GB) of data. This multiplication of devices and the growth of bring-your-own-device (BYOD) policies bring with them the propagation of digital data: there are more places where data might be stored, and government agencies are finding themselves with business data everywhere.
Matthew L. McCormack, chief, Office of Cyber Security, Defense Intelligence Agency, framed this situation well at our recent federal summit, which gathered 100 of the top government IT managers, when he said: “Now we’re trying to keep the bad guys out and keep an eye on the insiders and figure out what our perimeters are. How on earth am I, as the security guy, going to secure your personal iPhone?”
With digital data everywhere, having visibility into these endpoints for data security, evidence gathering or HR investigations is incredibly difficult. Instead of just having one computer per employee, a government agency may have upwards of five devices to track. On the first day of each employee’s employment, the agency may have a good idea of what company information exists on these devices – that is the first and last day the agency will have that information.
First, this lack of data visibility causes legal problems when an agency is sued and needs to conduct electronic discovery. Second, it causes business problems when the agency needs to conduct an internal investigation for HR, compliance, or other purposes. Third, it causes business problems and creates risk when sensitive data is stored in unauthorized locations, or when unapproved applications are running on devices.
The first step in addressing this problem is to define the endpoint – what are the hardware, operating system, and applications that can be accommodated – because without this information, agencies can’t set up an effective security infrastructure.
The next step is to identify the technology or technologies that can provide visibility into the endpoint. There are different tools that help, but agencies need those tools to work together to solve the challenge. Use of cloud-based applications is a good example: it makes your network security perimeter very fuzzy and means the digital investigation tools you use on your premises must also extend to the cloud or integrate with those that do.
One emerging technology trend that is helping government agencies gain data visibility is response automation.
By integrating an agency’s remote forensic solution with security information and event management (SIEM) software, the agency can be notified when an attack or breach event is even suspected, automatically triggering a forensic response, including exposing, collecting, triaging and remediating data related to threats.
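The SIEM-to-forensics hand-off described above, sketched as an added example (not code from the original article or from any vendor product): a small dispatcher takes a feed of constructed SIEM alerts in a generic JSON shape, checks each against a response playbook, suppresses repeat alerts for the same suspected event, and emits one forensic collection job per host with an evidence label derived from the triggering alert. Rule names, severities, hosts and action names are all assumed.

```python
import hashlib
import json
from datetime import datetime, timedelta

# Constructed SIEM alerts in a generic JSON shape (not any real product's schema).
SIEM_ALERTS = [
    {"ts": "2013-05-01T10:00:00", "host": "ws-1042", "rule": "malware_signature", "severity": 8},
    {"ts": "2013-05-01T10:00:30", "host": "ws-1042", "rule": "malware_signature", "severity": 8},
    {"ts": "2013-05-01T10:02:00", "host": "srv-db01", "rule": "failed_logins_burst", "severity": 5},
    {"ts": "2013-05-01T10:05:00", "host": "ws-2201", "rule": "port_scan", "severity": 2},
]

# Playbook (assumed): for each rule, the minimum severity that counts as a
# "suspected event" and the ordered forensic actions it should trigger.
PLAYBOOK = {
    "malware_signature": (6, ["snapshot_memory", "list_processes", "collect_autoruns", "isolate_host"]),
    "failed_logins_burst": (4, ["collect_auth_logs", "list_sessions"]),
    "port_scan": (7, ["collect_netstat"]),
}
DEDUP_WINDOW = timedelta(minutes=10)


def plan_responses(alerts, playbook=PLAYBOOK, window=DEDUP_WINDOW):
    """Return one forensic job per (host, rule) within the dedup window whose
    severity meets the playbook threshold. Each job carries an evidence label
    hashed from the triggering alert so collected artefacts can be tied back
    to the alert that caused them."""
    jobs, last_seen = [], {}
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        entry = playbook.get(alert["rule"])
        if entry is None or alert["severity"] < entry[0]:
            continue  # unknown rule or below threshold: no automatic response
        ts = datetime.fromisoformat(alert["ts"])
        key = (alert["host"], alert["rule"])
        if key in last_seen and ts - last_seen[key] < window:
            continue  # same suspected event on the same host, already being handled
        last_seen[key] = ts
        label = hashlib.sha256(json.dumps(alert, sort_keys=True).encode()).hexdigest()[:12]
        jobs.append({"host": alert["host"], "actions": list(entry[1]),
                     "evidence_label": label, "trigger": alert})
    return jobs


if __name__ == "__main__":
    for job in plan_responses(SIEM_ALERTS):
        print(job["host"], job["evidence_label"], job["actions"])
```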
Knowing that a forensic response can be triggered even before an event happens can give today’s agencies some comfort: although data is everywhere, the agency can regain some sense of control by reacting quickly in the event of an attack.
As part of response automation, agencies must also employ continuous monitoring, that is, ongoing testing and analysis of security control effectiveness, and remediate application vulnerabilities in a timely manner. Security control effectiveness is measured by the correctness of the implementation and by how adequately the implemented controls meet organizational needs.
Ultimately, to combat threats and establish endpoint visibility, agencies must acknowledge the issue at hand, assess the situation to define the perimeter, become proficient at using forensic analysis tools, follow up with enterprise network searches, and start conducting security audits across the network based on what is already known.
By establishing visibility into the endpoint, government agencies can achieve accurate decision-making and the rapid actions necessary to meet compliance obligations, reduce risk, and secure an organization’s assets.
Roger Andras, Senior Solutions Consultant, Guidance Software.