Grant Shirk, Vice President of Marketing at Vera, talked about a new security model that’s focused on data access rather than on data possession.
In his presentation at the 2017 Chief Information Security Officer Leadership Forum held on September 26 in Dallas, Grant Shirk started by recapping the three key themes of the day:
• System Complexity: The complexity of what we’re trying to deal with—devices, technology, perimeters, the business ecosystem.
• New Attacks: “The focus of a lot of these attacks has moved from infrastructure that we own and manage to third-party systems. We need new ways to protect this information, and we need to share this externally.”
• Employee Behavior: “At least 10% of data loss occurs when smart people do dumb things—sometimes on purpose and sometimes by mistake. How do you recover if your infrastructure is focused on monitoring and reporting?” he asked.
“If we have 3270s, if we have mainframes, we have to keep this stuff alive. We can’t throw it away. As we head into the world of GDPR, we know that technologies like DLP and CASBs solve very specific problems, but they’re all focused on the challenge of controlling possession of information and who has access to what physical data and systems. We need more depth to solve some of these challenges,” said Shirk.
“Attackers, however, have very different goals. They’re trying to get to that crown-jewels data. They’re trying to get access to the information that’s valuable in and of itself or information and credentials that will get them access to something more financial and tangible. We’re seeing a big shift—not in what we have to spend to defend against but what the attacks are coming against. Encryption, firewalls, access, and access control are focused on confidentiality. What we’re seeing, particularly in many of these ransomware-driven attacks, is that the threats and targets are shifting dramatically. The most damaging attacks are addressing availability of our data and preventing us access to critical content to run the business,” he stated.
“Of even more concern are the attacks on integrity—people going in and manipulating data sets that are driving the decisions we make. These types of attacks are rapidly changing, not only in terms of the technology and the number of attacks, but we’ve seen two recent variants in which data is being exfiltrated. In the most recent version of Petya, they didn’t care much about the bitcoin; the data exfiltration was the focus. In this case, the first point of resolution is to clean up the system and get the data back to keep the business moving forward. However, if you’ve been attacked by ransomware in the past three months, you also have to protect against a pending data breach. The data has been copied from your machine, and the attackers have the keys to decrypt it.”
Regarding integrity, Shirk commented that there are technically interesting but terrifying scenarios involving ghostware, in which the attacker gets into the system, manipulates the data, and erases its tracks, so there is no indication that it was ever there.
“We need to break away from this concept that possession is the core thing we need to defend against. We need a more proactive focus that enables people to collaborate to work inside and outside the firm flexibly in a more integrative approach. We need tools that can see across multiple systems and multiple environments that are integrated into a fabric where we’re looking at the same data points and content across all of them.”
In summary, Shirk observed, “At the end of the day, we’re trying to protect the information, so if we can collapse these protections down to this more atomic level, we get greater capability and flexibility. This allows us to switch from a model where we’re focused on blocking and restricting possession to managing access. We need to break that dependency. This would involve a much more automated and transparent system that gets us closer to a zero-trust environment.”
ABOUT GRANT SHIRK:
Grant is Vice President of Marketing at Vera, where he’s focused on helping global businesses secure and share critical information with customers and partners. An expert in trusted collaboration, enterprise SaaS, and demand generation, Grant has helped brands like Fidelity Investments, UPS, USAA, and Viacom design and deliver elegant, intuitive, and useful solutions to their customers and employees. With over fifteen years of experience in marketing strategy, positioning, and product design, Grant has built highly efficient product and marketing teams at Box, Microsoft, and Tellme Networks with a focus on unique positioning and rich, customer-driven storytelling. Grant received his B.A. in History from Stanford University.