Confidentiality is what you get when you have integrity
Integrity is the big gaping hole of security. A loss of integrity is what leads to data breaches, introduced by malware, viruses or malicious insiders. Malware and viruses are in fact integrity attacks, they compromise the integrity of the system. We don’t describe them as such because they way we deal with integrity is still very primitive. PKI is not and never will be the solution to integrity – while very successful for its original use case (SSL key exchange) is not even close to being usable for large-scale authentication of data at rest, needed to provide integrity for modern networks and systems.
Modern Security and The Human Body
We like to use analogies with the human body eg ‘viruses’ infect their ‘hosts’. Modern security, such as firewalls and sandboxing, search for intruders at the perimeter.
But like Hello Kitty masks, firewalls and sandboxing are only partially effective and are completely useless in the big mushy center of systems and networks. They are also completely useless against attackers that are on the inside. To prevent an attack they have to be 100% effective and therefore the odds are overwhelmingly in favor of an attacker.
The human body evolved beyond perimeter defense. It assumes compromise i.e. that intruders will enter the body – and reacts when intruders start to infect healthy cells. Ideally we should try to recreate this approach for systems – real time awareness and self-healing properties. If we can tag all components of the system and have real-time awareness on their state then we know when an intruder acts. We would know in real-time when the system is no longer in a clean state.
Achieving a Clean State
It’s a fundamentally different approach – instead of searching for needles in a haystack you have real-time situational awareness of every stalk of hay. When malware infects a crucial network or system component, the changed state of the asset provides a real-time alert, which can then be investigated, audited, and/or behavior stopped, putting the odds back in favor of defense.
With this real-time awareness, real-time incident response, real-time data-loss prevention, it is possible to detect and react to any misconfiguration, network and/or component/application failure.
Cyber Resiliency and Continuity of Operations
Extending the analogy further cells are repaired because there is a baseline genetic map to work from. Infected cells can be destroyed and new healthy ones produced. The equivalent for digital systems is that with real-time awareness of every digital asset and a baseline state to refer back to, systems can have resiliency even in the event of pervasive infection and attack.
As always evolution and biology point us in the right direction.
The world’s global auditing and management consulting firms are scrambling to propose new cyber security and data protection strategies to deliver above and beyond the best practices they previously recommended, which primarily focused on compliance and risk mitigation. They will also inevitably focus on more confidentiality – more encryption, more perimeter defense and they will also miss the point – confidentiality is what you get when you have system integrity. They just don’t have the tools to address the integrity challenge.