What happens after a breach? The vultures descend

There have been so many breaches. In every case, the business or agency affected realizes that they must spend money to fix the breach. That’s when the vendor sales teams come out of the woodwork. Everyone has something to sell. New analytics, new detection mechanisms and new management offerings are just some of the products. However, in almost every case, a quick decision on a new product would be like putting lipstick on a pig. At the heart of a breach is a fundamental problem with people, process and technology associated with security. While a witch hunt for the base problem may be happening, it’s important to take a step back, take stock of what’s good and bad about what is already in place. Re-look at processes and find the gaps that need to be considered. But most important, what is the scope of the processes?

Too many systems to manage securely

Too often, a business will have multiple domains that are independently managed. For example, there may be separate domains for management of desktops, web servers, application servers, data warehouses, transaction servers and database servers. My experience has shown that when a breach is found in one area, the other areas breathe a sigh of relief as it is not their problem. That’s a bad attitude. Business problems are end to end solutions that cross several of these domains. As such, a business should be looking to collaborate their security and harden processes across domains rather than manage them individually.

Create an Enterprise Security Hub

The IBM mainframe is an ideal hub for centralization of security focus. For the same reasons that IBM calls the mainframe the System z, z being for zero down time, it could have been  System s for fail safe security. IBM has spent years in hardware and software R&D to harden the mainframe for business resilience and security and include that level of functionality in the basic hardware and software systems. The bulk of the built-in security services meet industry standards for interoperability and programming interfaces. As a result, these services can be executed on behalf of any other system or server that is interconnected with them. This includes usage as an authentication server, managing logs, providing real-time analytics to prevent loss and a central site for audit management. Unfortunately, no sales person is going to run to a business to brag about these capabilities. The unintended consequence by IBM and for its customers is that with all this capability “inside the box” they don’t have a commissioned sales force pushing these functions. IBM has a wide variety of software solutions that they are selling for distributed domains. They have software to manage the mainframe better. However, there is no end to end play that focuses on the mainframe as the central hub for enterprise security.

Wealth of Documentation

All is not lost, however. IBM and their Business Partners have a wealth of documentation and capabilities to demonstrate the strength of the mainframe for enterprise security. European customers can attend an excellent security conference in Montpellier, France from September 29 to October 2. The IBM Design Centers provide briefing centers and proof of concept capability tailored to an organization’s needs. There are IBM Redbooks describing the security functionality, including cryptography, analytics and Digital Certificate management for global authentication.

Shared Credentials to sign on via Biometrics and Multi-Factor authentication

There are also a wealth of up and coming vendors that can contribute to end to end security. Two that I’ve been working with are Callsign and Cyberfy that can leverage a mobile device for multi-factor biometric authentication in a consistent way across platforms. Throw away your userids and passwords that could be key logged and stolen and move to something that is truly unique to an individual. With these tools, a common authentication is used and managed across a wide range of servers and applications. Common authentication is the center of cross domain security management. Without a consistent authentication mechanisms, it becomes extremely difficult to correlate security activities across domains.

Operational Collaboration

I started this about breaches. A mainframe can provide and collect a wealth of forensic information across systems. As the host server for a tremendous amount of financial and personnel transaction processing, this information is used in real-time to prevent fraud because of the mainframe’s ability to run multiple transactions and database servers simultaneously, with integrity, while satisfying a service level agreement. This combination of functionality can work well with network attached applications and user devices.

These are the tenants that provide the foundation for hardening an environment. If a business or agency looks at what they have already and they find a mainframe, they’ll find a wealth of capabilities to lock down their end to end systems. The most important element is collaboration across organizations. Through collaboration, organizations can find weakness and inconsistency.  Once these efforts are undertaken, then the gaps can be identified and the acquisition of new products can be done intelligently.

Start Locking down systems before it’s too late

If anyone needs assistance getting started in locking down their systems, give me a call. Don’t wait until you’ve been breached, it will only cost more to solve the problem. As has been said, an ounce of prevention is better than a pound of cure.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s