The insider threat: Why perimeter security is no longer enough


An interesting shift in mindset was on display at the recent RSA Security Conference in San Francisco. People have stopped focusing on perimeter security – which is essentially the act of stopping the bad guys from getting into your systems.

Almost every commentator was delivering the same mantra: Perimeter security is no longer enough. So why the change in mindset? And what was their alternative?

The answer is simple. Most security and data breaches today do not involve someone breaking through perimeter security; people are intruding with perfectly legitimate usernames and passwords. Perhaps they’ve stolen the details, obtained them via phishing websites, or even just watched over someone’s shoulder as the credentials were entered. How that happens is not the point.

The important thing is that no matter how many fancy firewalls or how much perimeter security you have, these technologies cannot deal with the new threats we’re all facing.

So, what can you do?

Increase security with user rights
This is where things turned a little strange at the conference, with vendors providing all sorts of automated tools to identify when an internal breach has occurred. One vendor even went so far as to propose “Matrix-like” automated bots to patrol your networks.

A bunch of tiny Agent Smiths?

I’m sure that these vendors all have great software products, but in the world of enterprise content management (ECM), we have a much more practical set of internal security measures. In fact, we’ve had them for many years.

A fundamental part of ECM is the concept of access permissions – namely, as a user, you can only access the information and functionality that you are granted by an administrator. The right ECM system works on a security-by-default mentality, specifically locking down all items unless you are explicitly granted permission.

This means that even if someone gains access via a stolen login, they would still only be able to get to that particular user’s content.

Further increase security with audit trails & logs
However, security doesn’t stop there. Those automated bots that the vendors want to send prowling around your network are wasting their time. Why? Organizations need only take a look at the comprehensive audit trails within an ECM system to do this work.

Robust ECM systems record every single user interaction with the ECM system, allowing you to deploy whatever level of analytics you wish to identify dubious activities or strange patterns in user behavior.

For example, should an office-based employee be logging in remotely at 3 p.m. while also logging in from his desk? Probably not. But you can easily accomplish these behavioral analyses with the type of information that ECM systems provide by default in audit logs.
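
The check described above, run over an audit export, as an added example that is not code from the original article or from any ECM product. The CSV column layout, user names and session ids are constructed assumptions for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit export; the column layout is an assumption,
# not the format of any particular ECM product.
SAMPLE_AUDIT_CSV = """timestamp,user,event,origin,session
2024-03-04T08:55:00,asmith,LOGIN,office,s1
2024-03-04T09:02:00,bjones,LOGIN,office,s2
2024-03-04T12:30:00,bjones,LOGOUT,office,s2
2024-03-04T13:10:00,bjones,LOGIN,remote,s3
2024-03-04T15:00:00,asmith,LOGIN,remote,s4
2024-03-04T15:40:00,asmith,LOGOUT,remote,s4
2024-03-04T17:05:00,asmith,LOGOUT,office,s1
2024-03-04T18:00:00,bjones,LOGOUT,remote,s3
"""

def find_concurrent_origins(audit_csv):
    """Return (user, time, new_origin, open_origin) for each login that
    starts while the same user has a session open from a different origin."""
    rows = sorted(csv.DictReader(io.StringIO(audit_csv)),
                  key=lambda r: datetime.fromisoformat(r["timestamp"]))
    open_sessions = {}   # user -> {session id: origin}
    findings = []
    for row in rows:
        sessions = open_sessions.setdefault(row["user"], {})
        if row["event"] == "LOGIN":
            # Compare the new login's origin with every session still open.
            for origin in sorted(set(sessions.values())):
                if origin != row["origin"]:
                    findings.append((row["user"], row["timestamp"],
                                     row["origin"], origin))
            sessions[row["session"]] = row["origin"]
        elif row["event"] == "LOGOUT":
            # A logout with no matching login is ignored rather than raising.
            sessions.pop(row["session"], None)
    return findings

if __name__ == "__main__":
    for user, when, new, existing in find_concurrent_origins(SAMPLE_AUDIT_CSV):
        print(f"{when} {user}: {new} login while {existing} session is open")
```

In the sample, bjones moves from office to remote after logging out and is not flagged; only the overlapping 3 p.m. remote login for asmith is reported.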

The final line of protection: Encryption
Lastly, what happens if (or maybe when) someone does actually break through those famous perimeter security defenses? Well, you can easily use an ECM system to encrypt various parts of your content.

So even if someone manages to access your server’s hard disks and databases, the content they can see will be encrypted using industry-standard methods – methods that are Payment Card Industry Data Security Standard (PCI-DSS) approved. If you want to, you can think of them as your Matrix-like automated bots, patrolling your networks.

So thank you to all of the commentators at the RSA Conference for highlighting that perimeter security is not enough. Great job.

But perhaps next year, some of the ECM professionals could become security rock stars for a week and highlight some of their security-by-default concepts. The rest of the conference would no doubt be very interested.

Dave brings over 20 years’ experience of working across the globe on projects ranging from enterprise content management (ECM) to Big Data, and for clients ranging from the BBC to the local farming collaborative. Nowadays, Dave regularly has his head in the clouds – not because he’s daydreaming but because he is responsible for communicating the benefits of cloud, and the OnBase Cloud message in particular, to the world. His unique viewpoints and style mean you’re never quite sure what you’re going to get from him – but you can guarantee it’s going to be interesting.

David Jones
