Verify your information

I recently had the privilege of attending a convention and training in another major city besides mine.

I was leaving the hotel and summoned a popular ride service to get from the hotel to the airport.  Of course, in their app, when a driver agrees to pick you up, you get their name, their picture, the make and model of car they are driving, and their license plate.   Me being the untrained traveler that I am, got into a car that I shouldnt have.

 

Where did I mess up?

I didn’t verify the information that I had with the information provided to me.  Make and model closely matched, but the plates and the driver didn’t.  Thats where I messed up.   I realized it when it was too late.  I was already in the car and on the highway heading to, hopefully, to the airport.   Suddenly, my parents voices were in my head “Don’t get into cars with strangers.”

 

“Glad you’re safe and all but how does this apply to IT?”

Well, I’m glad you asked.   When companies try to promise you that their products can do X, Y, and Z, checks all of your boxes and gives you the world on a silver platter, you may want to take a step back and research so and so company and make sure that they truly can fulfill your requirements.

How do you do this?

Ask around.   There are vendor/product-agnostic communities out there of IT people that are willing to tell you what you want to know in regards to that vendor’s product.   Seek out unbiased feedback.   Do your due diligence. You never know.   That vendor may be able to provide you with all of your requirements, or they may be inadvertently causing you to void another companies support/warranty contract, or worse, break another product altogether.

Protecting the Jewel

So, in the last post, we discussed the biggest asset IT can have, the data.   But, does the Queen of England keep her jewels out for everybody to be able to touch?  Nope.   Do banks let people walk right into the vaults to touch all of the money?  No.   So, what do we need to do to protect the data?

There are 2 big things that IT people do to protect their data, and they go hand-in-hand:

  1. Least Privileges (aka JITJEA, Just-In-Time, Just-Enough-Access)
  2. Backups
Least Privileges

Does you remember when Edward Snowden released the NSA documents back in 2013?   Regardless of which political party you most identify with, Snowden made big news and made companies rethink their internal IT security strategies.   Basically, he had access to a LOT of documents, some he probably didn’t need access to.   Was this his fault?  No, it was the NSA’s for giving him access to all of the jewels instead of limiting his access to just what he needed to know and needed access to.

This is where the Least Privileges philosophy comes in.   Give the user or administrator just enough access to do their job.   If the user needs more access to fulfill their job requirements, then it is the responsibility of their supervisor to request access on behalf of the user.   This access request also needs to be documented, preferably by a helpdesk ticket, in order to protect the IT department and the user in the event of an audit or investigation.

The least amount of people that have access to the data to manipulate the data, the safer the data is from losing its integrity.  Does everybody need to have the ability to store files on the file server?   No?  Then look at the permissions of the file server and begin taking people out that have no business in that particular folder.   If they truly need access, then they will ask their supervisor, who will then submit a ticket asking for permission on behalf of the user.

Backups

Backups are CRITICAL to an organization.   If a critical system within the organization accidentally corrupts the data, then how would the data or system be recovered without a backup?   It can’t.   Like I said before, without that data, it could be catastrophic to the organization.   Backups needs to have the ability of doing 3 things:

  1. Restore data – What good is a backup if you cannot get data out of the backup?   Its not.   This is why it is imperative for the administrator to check their backups and make sure that they are reliable backups.
  2. Restore data back in time – Time travel is great, in backups.   I have had users come back to me and tell me that they accidentally deleted a file (eh, it happens, we’re all human, but it took away availability) from last week and they need it restored.   What if you only had one set of backups that were taken last night?   That file that the user needed could be critical to the organization, and now it is gone because last night’s backup just overwrote the backup from before that the file was on.   This is why it is necessary to have incremental backups in different points in time for critical systems.
  3. Survive a real world catastrophe – There have been a number of natural disasters, from the tsunami of Sri Lanka to Hurricane Katrina to Superstorm Sandy to Hurricane Harvey.   Natural disasters can happen anywhere.   What happens if it is at your location?   Will your backups survive the devastation or will it be safe at another location outside of harms way?   Could your organization survive without the data?   If not, then it probably needs to also be stored offsite of your production location.

This is where the 3-2-1 rule comes into play.   Many people have different philosophies on this rule, but this is my take on it.   It is not hard and fast, but has helped me in the past.   You need to have 3 copies of your critical data (1 in production, 1 onsite, and 1 offsite).   Production data is just as it sounds, the data that the company is currently running on.   Onsite backups can be on the same physical site as the production system, but are not at a risk of being lost if the production system was to fail for some reason.   This allows for quick recovery, less downtime, and less production revenue loss.   Offsite data is the set of backups that are offsite.   As mentioned before, if the production facility was to be destroyed by whatever means necessary, the organization could rebuild (from insurance money, etc) and restore the data from the offsite data.

Backup Management

Find a way to manage these backups and how you plan on keeping up with them.   There are a lot of good management platforms out there.   Depending on your environment and needs will determine the strategy and management of the system that you need.

The Big Jewel

What is it?

So, what is the biggest prized possession of IT?   Is it the people?  No.   Is it the equipment? Not really.

IT’s biggest asset is the data. The data could consist of a number of different things, as it pertains to the organization and how it operates.   To a manufacturing organization, it could be the way they manufacture their product, or their list of customers or suppliers.   To a non-profit, such as a church, it might be its patrons, or the people that it is serving.

Why is it so important?

Consider the absence of the data.   What would happen to the organization that the data was important to?   Would they be able to continue to operate or would they have to close their doors as they have no way of making money in order to continue operations?   More than likely not.   The organization could attempt to recover as much data as possible, either through reproduction from past reports, peoples memories, etc, but by then, the organization’s business advantage could be lost to its competitors and could take a very long time, if ever, to regain that competitive advantage.   Otherwise, it would close its doors, go bankrupt, and layoff all of its employees.   This is why data and keeping it safe is so critical to the organization.

How do we keep it safe?

There are 3 main factors to keeping data safe in both storage and transmission.   It is called the CIA triad, Confidentiality, Integrity, and Availability.   Let’s break this down as to why it is important.

Confidentiality

This is the main cause as to how breaches happen.   A user in the network clicks a link that installs a program onto their computer, unknowingly.   This program gives the attacker the ability to see the user’s data, such as their position, other people that they talk to, and the information that they may have on their computer.   If somebody of importance within the organization becomes compromised, then organization secrets could be revealed on a public website and that data is no longer confidential, especially to competitors.   Now the organization’s competitor knows the organization’s competitive advantage and knows how to overcome that and keep their own advantage.   Hence, the compromised organization has lost business and will eventually close its doors.

Integrity

The organization has to rely on the integrity of its data, believing that it is true to the context and timeliness of the organization.   If the data loses its integrity because of a breach, then the information derived from the data would lead the management team to steer the organization into a direction that would ultimately mean the organization’s demise.   If the breach was discovered in time, could the data regain its integrity, giving management correct information to be able to correct coarse?  Maybe, but very unlikely.   Once the faith of the integrity of the data is lost, then it is very difficult to regain faith into the data and trust it again.

This typically doesn’t happen unless there is a “bad actor” within the organization, intentionally feeding it bad information.   Without checks and balances to make sure that everybody is doing their job correctly, this is hard to determine when it is happening.

Availability

Lets put it this way.  What if you suddenly lost access to your bank account?   Would you be able to know how much money was in your account?  Maybe.   No access after some time?   Now it begins to get hard.   This is similar to what organizations face when they lose the ability to access their data.   Without the ability to access information, organizations are operating in the dark, if they can even operate at all.   Typically this happens by an infection of ransomware of some type.

Remember the Petya outbreak of 2017 that infected just about the entire globe?   That is exactly what happens here.   The virus could infect, not only the users local machine, but servers that contains the data, encrypting that data, making it unavailable to the user.   Typically there is a message on the infected system saying that the contents have been encrypted and to pay a ransom of some amount in bitcoin (or some other cryptocurrency) in order to receive the decryption key and decode the information.   However, its been shown that, even after paying the ransom, the decryption keys typically do not work, and the data is left unable to be recovered.   Even if the key did work, the original source of the infection still has to be dealt with in order to prevent a relapse.

Conclusion

This is why it is so important to keep data safe.   Not only to keep IT in a job, but also to keep the organization in a competitive advantage within its market.   Therefore, data is the Big Jewel of the organization.