Posts Tagged ‘Security Week’
What control do you have over data once it leaves your network? Do you have any idea where it’s been, or what’s been done to it?
In his latest contribution at Security Week, Chris Poulin ponders the concept of smarter data: data that is self-aware. In an effort to combat security issues with “free-range data” (issues like lack of access control, identification and tamper-proofing), Poulin suggests that looking at data as an object made up of code, properties and, of course, the data itself would eliminate these security challenges.
He says, “Putting on my developer’s hat, I envision data as an object composed of some sort of universal code, the data, and accompanying properties. To protect the information and code, it could only be run on a system controlled by the data’s owner, perhaps using a method similar to public/private key pairs, and aside from innocuous information about the certificate, everything else is encrypted.
The benefits are manifold: you could revoke access to any individual at any time, self-destruct the data (well, the decryption keys anyway), and implement true data-in-motion DLP, just to name a few. Additionally, you could provide tiered access to the data or properties based on role or user, which would be useful in helping cloud providers make intelligent decisions on how to store and handle the data, for example.”
“… there are other ways to move from a position of constant and reactive defense to a state of preparedness: sharing our individual experiences. The bad guys are already organized and collaborating effectively on how to compromise our systems; we need to start sharing, and sharing openly.”
How do we beat the bad guys at their game? That’s the question Chris Poulin is asking in this new article, part of his ongoing series at SecurityWeek. The answer? Thinking like your adversary. Well, at least that’s part of it.
In his latest article, “Compromise Full Disclosure: Collective Knowledge Brings Stronger Defense,” Poulin explains how, in order to fight organized cyber attacks, security professionals need to be more organized themselves. This means more collaboration, knowledge sharing and, of course, the adoption of security intelligence. The end goal is to create an environment where breaches and the details of the attack (and not the vulnerability) are shared among professionals so that others can learn from these attack strategies and prevent their own breaches.