Getting your back-up data back up to date


In the recent ‘Insider Threat Peer Report’, which contains the views of several IT and security professionals, Joseph Reyes, IT manager at Bellicum Pharmaceuticals, said: “In the biotech industry, executives tend to listen when the conversation is the theft of intellectual property. They understand the need for forensics and the ability to find out who did what and when they did it. I think when you can show that an idea can be stolen and that you can get the tools to either watch when that is occurring or identify who did it after it occurred, you become a hero.”

This principle is adaptable for any industry. In finance it may be fraud that employees are most wary of; in law, perhaps client-sensitive information. In education, students may not immediately understand the risks of sharing a password with a friend until you explain that, while lending front-door keys to a friend is relatively safe if you get those keys back, once you give a password to a colleague they can access your files whenever they like until you effectively change the locks by changing your password. Explaining to your users what the potential risks are in directly relatable terms will ensure that they comprehend them more fully.

How technology can help

We’ve talked a lot about the use of language and how to interpret security issues and rules. These are cultural factors, but technology can help deploy them. It can be the vehicle through which you deploy these cultural tactics, if you have technology that allows for real-time monitoring, risk indicators and a complete view of network activity. This will be a solution that allows you to:

• Detect suspicious access, and alert users and administrators automatically to anomalies so that they understand what ‘suspicious’ looks like in situ.
• Manage mobile users, with users working across smartphones, tablets, laptops and desktops.
• Restrict access to sensitive files so employees can only access the files and systems they need.
• Restrict concurrent logins, eliminating the possible windows in which unauthorised users can access sensitive information.

One thing you might want to set up is alerts that let users know exactly who to report to if they detect any suspicious behaviour. That way you should find that your users are not part of the 70% that are in the dark about the most basic of security training principles.

About the author

François Amigorena is founder and CEO of IS Decisions, a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. IS Decisions offers solutions for user access control, file auditing, server and desktop reporting and remote installations. Its customers, including the FBI, the United Nations and Barclays, rely on IS Decisions to prevent security breaches, ensure compliance with major regulations, such as SOX, FISMA and HIPAA, quickly respond to IT emergencies and gain time and cost-savings for IT.

Reference 1. ‘The Insider Threat Peer Report’. IS Decisions. Accessed Mar 2015. www.isdecisions.com/insider-threatpeer-report/.

Network Security

Getting your back-up data back up to date

Phil Beckett, Proven Legal Technologies

Regulatory enquiries, e-disclosure exercises and corporate investigations all require data to be quickly and accurately provided. Despite this, many businesses fail to maintain an up-to-date view of their back-up data storage systems, meaning that they can face a nasty surprise in the event of an unforeseen regulatory investigation. With industry regulators becoming increasingly demanding, firms would be wise to review their back-up data storage systems and take steps to ensure data can be quickly and accurately recalled when needed.

Fit for purpose

Many companies utilise back-up tapes as an offline method of storing their back-up data. They are essentially a disaster recovery technique that has gradually developed into an archive, but in this form they are not really fit to fulfil such a role. IT departments tend to have great trouble restoring them, meaning the valuable data stored on them cannot be quickly and easily accessed. It’s a good idea to use a checklist to help you get on top of your data. The checklist outlines a number of steps businesses can take to ensure that when compliance officials come knocking, no unforeseen issues arise. These steps include ensuring all backups are easily located, effectively cataloguing the back-up tapes, transferring them to new media, and reviewing what data must be kept and what can be deleted. By following this set of processes, companies will be well placed to meet any demands relating to regulation, e-disclosure or corporate investigation.

Keeping back-up data in order is rarely seen as a priority by many organisations, and for those who have previously used or still use offline backup methods, the process can appear difficult, time-consuming and unnecessary. However, given the modern climate of regulation and transparency, these firms may have to rethink their outlook. Those willing to take a proactive approach to back-up tapes are also those best placed to deal with litigation if and when it comes.

First find your back-up

The first step companies should be taking is to locate their back-ups. Knowing exactly where and how tapes are stored is an obvious yet often overlooked stage in developing a systematic approach to back-up data. This process must include an awareness of storage retention policies past and present, as this may affect the ways in which back-up tapes have been catalogued. In some cases, back-up tapes may even be stored offsite, and this can significantly impinge on a company’s ability to access their data quickly. Companies need to have the necessary information to hand in order to be able to swiftly recall the specific tapes they require, should the need arise.

Attempting to complete this first step may leave you cursing your predecessors’ failure to effectively catalogue back-up tapes. The second step is, therefore, to prevent future headaches by implementing a comprehensive cataloguing system. Developing a detailed inventory of tapes and their contents, sorted by both date and content, will make the process much simpler in the future. This will allow an organisation to quickly and precisely identify what data resided on which servers when the back-ups were completed. This systematic cataloguing should also involve a consideration of unofficial back-ups, such as those created ad hoc by IT staff during times of system change or redundancy. All of this careful cataloguing must also be regularly verified by performing audits and tests. These can ensure that knowledge of the tapes and their content is accurate, and that they can be retrieved and restored without delay or drama.

New media

The next crucial step which companies need to take is to transfer back-up data to new media. Doing this can be a difficult and time-consuming process, but it is one that is crucial to allow backups to be quickly and readily accessed. Before any data can be transferred and upgraded, it is crucial to be fully aware of the media used to record and access historic back-ups. The hardware and software used for older back-ups can often be upgraded during an infrastructure overhaul, leaving the data inaccessible. Making sure that this hardware and software is always available is one way around this problem, but this can be both expensive and very inefficient. A much better option is to source this hardware and software temporarily and work out a way of transferring the old back-up data onto new media. This will allow all back-ups to be stored in the same place and in the same way. Doing so will save time, effort, and space in the long term. There are undeniable security advantages to maintaining an offline back-up database, but creating a fully complete set of back-up data on readily accessible media should be a priority regardless of whether old tapes are kept.

Final stage

The final stage in developing an accurate and up-to-date view of back-up data storage systems is to closely review how much data should be kept. As regulators demand greater levels of transparency and call on constantly increasing quantities of data to prove good practice, working out what is and is not relevant can be a minefield. Should an organisation be faced with an unexpected legal case, a poorly planned retention policy could potentially prove even more damaging. Backup data provides an accurate snapshot of past practice that is not reliably available in any other way. To this end, it may be necessary to seek legal advice to guarantee that retention policies adhere to regulatory requirements. New retention policies should be applied across the board to both new and old back-up data, ensuring continuity throughout a firm’s entire data store.

The destruction and deletion of past tapes and data which may result from this review of retention policy is also likely to free up a huge amount of space, both virtual and physical. Addressing back-up retention therefore has the potential to save a company space and money in addition to making their lives easier in the event of regulatory enquiries, e-disclosure exercises and corporate investigations.

Back-up data provides a far more accurate snapshot of the data environment than live collections, and yet for many businesses this data is hidden, inaccessible or poorly catalogued. Firms therefore need to locate their tapes, see if they work, catalogue them clearly, and make sure that they are readily available at all times. This ensures that they are compliant with existing and upcoming regulations and they are ready to provide evidence of good practice in the event of any future problems.

About the author

Phil Beckett is managing director at Proven Legal Technologies. He joined the team after spending seven years leading Navigant Consulting’s European Forensic Technology practice. Beckett has a master’s degree in forensic computing from Cranfield University and is a Fellow of the Association of Chartered Certified Accountants (ACCA), winning the ACCA Gold Medal when he qualified in 2001. Throughout his career, he has provided advice to lawyers, regulators, corporate entities, not-for-profit organisations and other stakeholders in relation to forensic investigations and e-disclosure projects in both the public and private sectors in the UK and also internationally. He specialises in advising clients concerning the preservation and investigation of digital evidence, the interrogation of complex data sets and the disclosure of electronic documents. He is also a qualified fraud examiner and has been a recognised court expert in relation to various aspects of digital evidence.

...Continued from page 2

they may have been login details shared with other sites. Speaking about both stories, Ross Brewer, vice president and managing director for international markets at LogRhythm, said they, “provide yet another example of the importance of strong online passwords that are not reused across numerous websites and online services. Cyber-criminals are becoming increasingly determined to access user credentials, with advanced automated tools that are designed to seek and steal usernames and passwords with minimal effort. As such, we hear time and time again about breaches stemming from hackers using these smash and grab techniques to build a database of credentials and then effectively ‘trying every key in the lock’ until it opens.”

Speaking about the Uber story, Ken Westin, senior security analyst at Tripwire, said: “The amount of data available on underground forums and markets is reaching horrifying levels, simply because there are data sets that nobody knows where they came from. In many respects this trend reveals the number of breaches that are occurring that go unreported, or undetected and not just with service providers themselves, but also when data sets are shared with business partners, or when the data is compromised between device and server. There is value in this data in the underground, so individual cyber-criminals and syndicates are working overtime to identify weaknesses in everything from email, social media, loyalty programmes and other sources.”

EVENTS CALENDAR

19–22 May 2015 OWASP AppSecEU Amsterdam, Netherlands https://2015.appsec.eu/

26–29 May 2015 Hack in the Box Amsterdam, Netherlands http://conference.hitb.org

26–28 May 2015 IFIP SEC 2015 Hamburg, Germany https://ifipsec.org/2015/

2–4 June 2015 Infosecurity Europe Olympia, London, UK www.infosecurityeurope.com

2–3 June 2015 Infosecurity Intelligent Defence Olympia, London, UK www.infosecurityeurope.com/intelligentdefence

26–30 July 2015 AHFE – Human Factors in Cyber-security Las Vegas, NV, US www.ahfe2015.org/board.html#hfc

1–6 August 2015 Black Hat USA Las Vegas, US www.blackhat.com

29 September 2015 Government IT Security & Risk Management London, UK www.whitehallmedia.co.uk/govsec

20–21 October 2015 Cyber-security Summit Minneapolis, US www.cyber-securitysummit.org

April 2015