First Principles solution to Data Breach

hubbertsmith

Data breaches are daily news, with worldwide business consequences.
Data breach is solvable with a First Principles solution. Both measurability and business value are essential.

First Principles approach:

0) Frame the problem, measurably, with business value.

1) Question current assumptions.

2) Break the problem into its most fundamental elements.

3) Rebuild solutions from those essential elements.

0) Frame the problem –

The initial problem statement CISOs ask is, “What keeps my data from walking away?” (a real-world quote, heard during a project where contractors used machine learning to process sensitive business data).

The more concise and measurable problem statement: “Prevent data breach, including by valid users.”
Measurable: the problem is solved when a valid user is prevented from walking away with protected data (i.e. exfiltrating it).

Business value: CEOs will either innovate and risk data breach, or lock data away and fail to innovate.

1) Question current assumptions –

“Preventing penetration is protection from data breach.”
No, valid credentials are frequently used to steal data. Evidence: data breach is daily news.

Valid credentials can be used by disgruntled users, exiting employees, contractors, and 3rd parties.
Valid credentials can be harvested by phishing or simply purchased off the dark web. Valid credentials are then used to access systems, search, and then steal sellable data.

Conclusion: current network security and identity access security fail to prevent data breaches.

2) Break the problem into its most fundamental elements –

Network: data-in-motion is encrypted, always. Data breach involving network transmission is rare.

Storage: data-at-rest is encrypted, always. Brute-force access into storage, then taking encrypted data to conduct brute-force decryption later, is vanishingly rare.

Data-in-use: is NOT encrypted. Valid logins provide system access, and valid logins provide unencrypted access. That is by design. Valid logins are the path of least resistance for cybercriminals.

With a valid login, taking the data is trivial — by email, USB, G-Drive, git, FTP, and many, many other utilities.

Conclusion: data-in-use, accessed by valid logins, is the path of least resistance and understandably the root cause of most data breaches.

Legacy data security falls short of the measurable “prevent valid users from taking data”.
By definition a valid login ID provides access, and with access, data can “walk away”. Taking data is trivial with a valid login ID. So “friendly” employees, contractors and 3rd parties can easily walk away with data. And “un-friendly” cybercriminals can phish or buy valid credentials, and the data “walks away”. Cybercrime is rewarded by selling stolen data on the dark web.

Conclusion: Data Loss Protection and Endpoint Detection and Response do not work. If they did work, then every system would have them, and data breach would not be daily news.

Conclusion: Our measurable is “prevent data breaches, including by valid IDs”. Preventing breach of data-in-use must assume valid credentials will be available.
This reality turns our focus to data security, specifically data I/O. Data security is a data storage problem, not a network problem.

3) Rebuild solutions from those essential elements –

First Principles problem statement: “Prevent data breach, including by valid login access.”

Element 1) Storage: Prevent data breach (from what?)
Prevent data breach from a data storage location: a storage volume.
This is consistent with the CIS Data Management Policy template — look for “location”:
https://www.cisecurity.org/insights/white-papers/data-management-policy-template-for-cis-control-3

Element 2) Access: Solution has approved valid login access to data-in-use (people gotta do their work).

Element 3) Prevent unauthorized data exfiltration: Solution includes data I/O control to allow or disallow data movement (like eBPF, but for data storage and data security) from data-at-rest (encrypted data storage) into data-in-use (non-encrypted data accessible in a virtual server or cloud) and back.
It is not enough to reduce data exfiltration. We prevent data exfiltration.

Element 4) Deployability, usability: Solution must be easy to deploy out-of-the-box, as a virtual machine, both on-prem and in the cloud.
Solution must work without breaking pre-existing network security or identity security.
Solution must work without requiring cybersecurity experts or infrastructure experts.
Solution must prevent exfiltration, and should include exfiltration tests to confirm success.

Element 5) Monitor: Solution monitors data I/O, prevents unauthorized data I/O. (Keeps the data IN).

Element 6) Log and Audit: For each secure data location, solution logs user access, logs data events. This is highly relevant when sharing sensitive data with 3rd parties and for data governance, risk and compliance situations.
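
Elements 3, 5 and 6 together describe a data I/O gate: approved users read data from the protected volume into an approved in-use environment, writes go back to the volume, and every other destination is denied and logged. The code below is an added illustration of that policy model; it is not i4 Ops code and not something the post publishes. The volume name, user names, destination names and the exact decision rules are assumptions chosen for the example; the egress channel list is the one the post names (email, USB, G-Drive, git, FTP). It also includes the self-check from Element 4: try every listed egress channel with a valid user and expect every one to be denied.

```python
"""Illustrative data I/O policy gate for one protected storage volume.

Added example (not i4 Ops code). Models the post's "keep the data IN" idea:
every I/O request against the volume is evaluated against a default-deny
policy, and every decision is written to an audit log.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import json

# Exfiltration paths the post calls trivial with a valid login (assumed labels).
EGRESS_CHANNELS = frozenset({"email", "usb", "gdrive", "git", "ftp"})


@dataclass(frozen=True)
class IORequest:
    user: str          # the (valid) login making the request
    operation: str     # "read" (volume -> destination) or "write" (source -> destination)
    volume: str        # protected storage location being accessed
    destination: str   # where the bytes end up: in-use environment, the volume, or an egress channel
    byte_count: int


@dataclass
class VolumePolicy:
    volume: str
    approved_users: frozenset        # Element 2: who may use data-in-use
    in_use_destinations: frozenset   # Element 3: the approved compute environment(s)
    audit_log: list = field(default_factory=list)  # Element 6: one record per decision

    def decide(self, req: IORequest):
        """Return (allowed, reason). Anything not explicitly allowed is denied."""
        if req.volume != self.volume:
            allowed, reason = False, "wrong volume"
        elif req.user not in self.approved_users:
            allowed, reason = False, "user not approved"
        elif req.operation == "read" and req.destination in self.in_use_destinations:
            allowed, reason = True, "read into approved in-use environment"
        elif req.operation == "write" and req.destination == self.volume:
            allowed, reason = True, "write back to protected volume"
        elif req.destination in EGRESS_CHANNELS:
            allowed, reason = False, "egress channel blocked"
        else:
            allowed, reason = False, "destination not approved"

        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": req.user,
            "op": req.operation,
            "volume": req.volume,
            "destination": req.destination,
            "bytes": req.byte_count,
            "allowed": allowed,
            "reason": reason,
        })
        return allowed, reason


def run_exfil_tests(policy: VolumePolicy, user: str):
    """Element 4's exfiltration test: a valid user tries every egress channel.

    Returns the channels that were NOT blocked; an empty list means the test passes.
    """
    leaks = []
    for channel in sorted(EGRESS_CHANNELS):
        allowed, _ = policy.decide(IORequest(user, "write", policy.volume, channel, 1024))
        if allowed:
            leaks.append(channel)
    return leaks


def build_demo_policy() -> VolumePolicy:
    """Constructed sample policy: one volume, one approved analyst, one approved VM."""
    return VolumePolicy(
        volume="vol-sales-history",
        approved_users=frozenset({"analyst"}),
        in_use_destinations=frozenset({"analytics-vm"}),
    )


if __name__ == "__main__":
    policy = build_demo_policy()
    # A valid user doing real work is allowed in; the same user copying out is not.
    print(policy.decide(IORequest("analyst", "read", "vol-sales-history", "analytics-vm", 4096)))
    print(policy.decide(IORequest("analyst", "write", "vol-sales-history", "usb", 4096)))
    print("exfil test leaks:", run_exfil_tests(policy, "analyst"))
    for event in policy.audit_log:
        print(json.dumps(event))
```

The point the post makes is visible in the two decisions at the bottom: the same valid login is allowed to bring data into the approved in-use environment and is denied when the destination is an egress channel, and both outcomes land in the audit log with the user, destination and reason.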

Conclusion: The First Principles Solution to data breach is to keep the data IN a secure storage volume by controlling data I/O, preventing data exfiltration, and making all activity monitored and auditable.

The new cybercrime business model is: Data-in-use is accessible with valid logins. For Cybercriminals, the path of least resistance is valid logins. Phishing exploits collect valid logins. Those valid logins are used to access systems, and then upload data-stealing malware to exfiltrate the sellable data. Sellable data is data sets used for business analytics, sales histories, supplier histories, data analytics, and increasingly, AI for business.

Preventing data breach benefits us all. Consider businesses that more aggressively pursue data-driven business innovation; but only when the risk of data breach is mitigated. Consider their business partners and customers receiving a much improved customer experience. Consider “hands on keyboards” workers. They are more able to find gainful work, remote work with benefits to them, their families and their communities.

We hope this contributes clarity to the chronic problem of data breach. Data breach is daily news. Data breach is boardroom top of mind as SEC, GRC, GDPR and similar regulations are enforced.

The i4 Ops solution works, utilizing these First Principles. Our exfil tests pass.

i4 Ops is conducting a Red Team Hackathon. We urge you to participate.
You get access to an i4 Zero Exfil VM. You try to take our sample data. You have a chance to win $1,000. Every participant receives free use of i4ops systems for 45 days.

Please begin your journey toward real data security today.

We are always happy to hear from you: i4ops.com

hubbertsmith

Distributed Teams Strategy+ Execution | Product Line Manager | Storage Expert | Author | Patent Holder