With increasingly extended and dynamic enterprises, the distinction between insiders and outsiders is becoming blurred and what organizations can expect to control is less clear.
Before the 80s, IT functions were localized in physically secure and tightly controlled environments. The rise of the Internet saw the distinction between external and internal networks, with the DMZ (De-Militarized Zone) emerging as the perimeter between the two. But today, with demand for anytime, anywhere access and more mobile devices, the distinction between what's in and what's out is disappearing. In effect, the walls are coming down and the enterprise is becoming de-perimeterized.
But any reader of John Le Carré's Tinker, Taylor, Soldier, Spy knows that this is not new. Field agents have operated in the hostile de-perimeterized world for years. They trust no one and protect their true identity and the confidentiality of their information to the highest degree. The difference is that the Internet has twice as many users as there are people in the USA, so the focus must change from just detection, prevention and reporting – to securing all communications across the open, distributed and potentially very hostile environment.
Identify, Protect and Comply
Strong mutual authentication is a pre-requisite for secure communications. Both parties must identify each other and avoid sending or receiving data from people they don't know. The receiver must know that data is coming from a trusted source before accepting it and be sure that it has not been tampered with. The sender must know that the data is going to the right person and unauthorized eavesdroppers must be kept out.
Identifying both the person and device helps to foil impersonation from identity theft or rogue devices such as wireless access points as well as cut out spam from unsolicited sources. It also allows sensitive data to be sent to a managed computer in a known environment while preventing it going to an untrustworthy machine in an Internet café, for example.
As attackers will always seek to break the weakest link, a simple password is no longer sufficient for identification as it is readily cracked or cloned. Most standard security protocols that support secure communications such as SSL (Secure Socket Layer) do not use passwords but rely on more sophisticated cryptographic techniques.
However, twever,Hhe strength of mutual authentication depends as much on processes and policy as it does technology. Just as a spymaster devotes time and effort to recruit agents that can exchange messages with the briefest of protocols, strong mutual authentication must be built on secure enrolment to bring a person, program or computer into the circle of trust. This process must also provide economies of scale to prevent costs spiralling as the number of people and devices increases.
Channel security and confidentiality
Keeping point to point communications private between mutually authenticated parties typically involves the use of SSL or tunnel security such as a VPN (Virtual Private Network) while private messaging can be employed to secure multi-party communications. Content security must also be used to protect the confidentiality of data stored in a file, database or archive medium over its entire lifecycle and ensure that it can be read and manipulated only by authorized people or programs.
But with increasing threats from viruses, worms, Trojans and other malware, which allow identity theft, impersonation, key-logging and spoofing, the use of traditional operating system and database mechanisms to protect confidential data is increasingly being challenged. Recent research shows how Windows 'honeypot' computers can be compromised on average in just 10 minutes and some within just a few seconds.1 Instead, other cryptographic techniques are needed to ensure the integrity of data stored on a machine that may be infected or under attack.
Compliance and Audit
Increasing pressure to comply with government legislation and industry best practice, means that organizations now have an even more pressing need for compliance – or face hefty fines and a damaged reputation.
Easier, cheaper and more automated and scaleable ways to audit and to prove compliance are needed to replace largely manual methods. Implementing stronger identities and mutual authentication, in conjunction with content security to control access to sensitive data, are essential first steps. However, they must be combined with secure policy automation and audit trails to achieve cost-effective and scaleable compliance.
Cryptography holds the key
Leo Marks, head of codes for the British Special Operations Executive (SOE), set up by Churchill to infiltrate agents into German-occupied countries, understood the de-perimersed world only too well2. Marks realized that cryptography was the only effective way to identity and protect his agents. He produced huge quantities of cryptographic keys written on sheets of silk that could be sewn into an agent's clothes to encrypt their messages and evade detection.
Today's IT security challenge to identify, protect & comply is very similar and is also underpinned by cryptography: digital signatures for strong mutual authentication, message integrity checking and secure audit along with encryption for confidential channel and content security.
Specialist organizations have already demonstrated that a deperimeterized approach is possible, albeit using highly customized system components and relatively limited scope. But increasingly off-the-shelf products are becoming available to allow much wider adoption of the principles at much lower cost. For example Microsoft Windows now contains highly integrated cryptographic support as standard – at essentially no incremental cost.
But as deperimiterization moves mainstream across large enterprises, these cryptographic mechanisms must be uniform and scaleable or the costs of managing the resulting system will be prohibitive. Providing lifetime management of cryptographic keys across hundreds of applications and thousands of servers, end users and networked devices raise four common requirements:
The author is product manager at nCipher
Cryptography in the real world
BACS, one of the world's largest and most established automated clearing houses, is at the heart of the UK payments industry. With over 100,000 UK business customers including all of the FTSE 100, most people's salaries in the UK get paid directly into their bank accounts through BACS. And with the growing number of Direct Debit and Direct Credit payments, BACS processes more than 3.7 billion financial transactions a year – handling up to 60 million payments a day.
The NewBACS technology renewal programme was designed to meet the growing demand for more efficient and cost-effective electronic payment by replacing the existing BACSTEL telecoms network with sophisticated Internet-based technologies called BASCTEL-IP. The BACSTEL-IP system is based on Internet protocols and uses advanced public key cryptography to provide the highest levels of security for the exchange of information between banks, their customers and BACS.
To prove the identity and establish the legitimacy of individual customers and prevent fraud, banks issue digital certificates on smart cards to digitally sign documents and transactions. The use of a digital signature proves the authenticity of the transaction from the sender and also guarantees that the data exchanged has not been modified or tampered with. All of these functions and the entire trust infrastructure rely on the integrity and secrecy of the private cryptographic keys used to issue certificates and encrypt information.
As the world's dominant Web-based aerospace and defence exchange, Exostar brings together manufacturers, suppliers and customers to trade and collaborate. The exchange is built around the efficient flow of sensitive information in the form of financial transactions, product specifications and project descriptions between remote participants from different organizations.
Particular attention is given to the authentication process used to identify users and to extend this access control into other systems by securely sharing authentication information. The system protects keys associated with individual users and enables end-to-end encryption of exchanged documents and protects and manages keys used to encrypt documents stored or archived.
It also digitally signs all SAML transactions, a secure XML-based language used by Web services in the exchange of authentication information and security credentials from one site to another, or for users to gain access to other applications. And finally, the system digitally signs audit logs to ensure overall integrity.
Until recently, cryptography has been restricted to isolated applications and situations such as SSL connections, VPNs, secure email and physical access with smart cards. But this is changing. As strong identity and authentication schemes, combined with secure messaging and content security, become the cornerstones of security in a de-perimeterized world, so cryptography is essential to underpin the need to identify, protect and control.
Just as the SOE agents' ciphers on silk squares were crucial to securing covert operations from enemy territories in WW2, so the authentication and encryption of internet-style protection are the keys to increasing security controls and achieving regulatory compliance, while reducing operating costs, in the next generation of corporate IT infrastructures.