In today’s world, IT professionals may find themselves asking some tough questions about network visibility: How do we see the whole network? What tools do we need? How do we stay compliant? Although not life or death questions, hats off to Hamlet, they are important to ask for an organization’s security posture. This is especially true considering the rise in data and network complexity, coupled with concerns about privacy and security.
Innovations in digital business, big data, social collaboration and the Internet of Things have pushed the limits of existing computing systems, in turn, forcing companies to up level their infrastructure including taking to the cloud. Encryption has also taken over half of the web. Organizations and their workforce have gained new levels of productivity and security in the process but have sacrificed visibility and control. This can be a problem considering all the sensitive information being handled by the modern corporate network.
In such an environment, sophisticated exploits still occur, information is still hijacked— all while complexity hinders the ability to see what is going on in the networks at a granular level. It makes it a difficult task to take on but it’s not without a solution. Here’s how businesses should address this challenge when security risks and compliance limit full visibility.
Peering Through the Mask
Full visibility is necessary when it comes to security. But some things should stay hidden, ranging from Personally Identifiable Information (PII) to critical production data. Standards and regulations on data are in place across industries that limit who can view and use it. How do you have both?
Data masking, where data access restriction essentially makes data invisible, replaces vulnerable, or sensitive data by obfuscating parts of it or replacing it with information that looks real. In essence, when data is masked, it’s altered so that the basic information remains the same but the key values are changed.
This does not mean that full visibility is no longer attainable, only that the data that shouldn’t be seen is, in fact, not.
When to Put on the Mask
There are several things to consider when parsing between data to mask and data to keep visible, especially when dealing with data protection requirements. Here are some cases in which masking can be particularly useful.
Testing
Companies must often have true-to-life datasets to test and develop relevant software. However, creating fake datasets can be both expensive and time-consuming. To fight this, real data can be masked and leveraged for the same purposes to boost efficiency without risking security. This is also useful when outsourcing, as it limits the exposure of the real data.
Monitoring and Recording
Companies usually need to monitor and record data, but by law cannot store PII. Data masking eliminates that concern, allowing companies to record while masking sensitive data.
SSL Decryption
While protecting data, Secure Socket Layer (SSL) encryption also poses a risk, as hackers leverage encrypted data to sneak in and pilfer sensitive information. As such, organizations decrypt and examine SSL traffic passing through their network to ensure there is no malicious activity. But SSL decryption means anyone with access to the monitoring tools can view the sensitive data behind the encryption. Fortunately, there are tools that can decrypt SSL data while masking the data that shouldn’t be exposed.
Doing It Right
Not all data masking solutions are created equal. To ensure you have the right one, it’s imperative that the organization already know how it is going to be used. In all, it’s about what is being masked, how easy access to data is meant to be and how it will be distributed.
For instance, is it just for the purpose of distributing data to a DLP device for analysis, or does it need to be amenable to native searches? If the latter, the solution should support regular expression (Regex). Further, if accessing data via Regex searches, network packet brokers may be worth considering. They allow for easy collection of data, search and distribution to monitoring equipment. There are also processors that can work with data masking solutions atop Regex that can help easily sift through traffic, identifying anomalous activity and other trends in application use. Network administrators simply specify what traffic to find and how it should be presented.
Ultimately, security in today’s complex networks and regulations comes down to how a network is seen -- not if all of it can be seen. With so much data floating around, it will be up to the company to decide how they approach the problem. Let’s just hope it doesn’t end in tragedy like it did for our friend Hamlet.
Tags: