One expert recommends role-based monitoring to help protect public sector networks against internal and external threats.
Sophisticated cybersecurity attacks can threaten an entire organization, but IT leaders should remember that attacks can also come from within the network, not just from criminals on the outside.
For example, the FBI apprehended Jason Cornish, a former IT administrator at a pharmaceutical company, after he deleted the contents of the company’s virtual hosts in 2011. Cornish had used his legitimate credentials to log into the network in February and wreak havoc. He crippled the network, so employees couldn’t email, ship products or cut checks.
According to Eric Chiu, co-founder of virtual infrastructure company HyTrust, public and private sector organizations are especially vulnerable today because external threats are given higher priority than internal ones -- a dangerous choice in a world where virtualization and hosted solutions are on the rise.
“Your IT or your super admins have gotten even more powerful, right? They can steal data from any system that’s virtualized,” he said. “You have to think about moving from an outside-in mentality around security to really an inside-out approach.”
Chiu recommends role-based monitoring for increased security on evolving networks. Role-based monitoring is used to regulate access to resources based on individual users' roles in an organization. A person is allowed to do certain functions or view certain data based on what is appropriate for his or her position. This is different than traditional object-oriented access control where the security of data objects is based on their “behavior” within the system and what else they’re connected to.
Role-based monitoring allows network administrators to zero in on user behavior and identify unusual activity.
“We’re monitoring all of the user activity at very granular detail, but we’re also comparing it against what should be happening,” Chiu said. “What is that person’s skillset? What’s their day job? What resources should they be allowed to manage?”
In his opinion, role-based monitoring is the optimal approach in a digital environment where criminals can impersonate users and infiltrate networks. But this approach would also put a red flag on suspicious behavior by actual employees.
“Government agencies and defense and civil sectors are all being asked to move to the cloud." Chiu said.
Tighter access control is crucial in virtual and cloud environments, according to Chiu, since skilled hackers and malicious insiders can find data housed on virtual servers in software layers pretty easily. It would be tougher if data was distributed among multiple on-premise servers, but that approach is declining in popularity.
Chiu feels that role-based monitoring would be a boon to government agencies, especially as federal agencies move towards more vigilant network monitoring.