It’s 4am, cold, dark and I’m running as fast as I can, wearing only a dressing gown. What’s going on? And what has this to do with IT security?
This true story begins a few minutes earlier when I'm woken from a deep sleep by Sarah, my partner. She's heard a noise and thinks someone is outside trying to break into our shed. I call on years of experience in dispensing advice on security policies, early warnings, threat assessments and incident remediation. "It's only a cat – go back to sleep," I mumble and promptly fall back to sleep.
Moments later, a cracking sound comes from outside and Sarah wakes me again. She's at the window and has spotted two would-be burglars breaking down the door to the shed. Telling Sarah to call the police, I grab my dressing gown, rush downstairs and outside.
The running man
I see the two burglars walking away with their booty. I yell "Hey!" They stop, turn around, see me, drop their stolen goods and start running. I start after them in my bare feet. I'm fast, but they're faster.
As they lose me down an alley, I slow to a stop, shout my last expletive at them and gasp for breath. The walk back seems long, I'm shaking with adrenaline and my feet hurt like hell. I reach home just as the police arrive. The burglars are long gone, leaving me with a broken shed. Luckily, they also left behind their would-be spoils.
We call a carpenter to fix the shed door. He shows us where the burglars tried to prise the lock off. The lock and padlock were too strong, so they ripped the door apart to gain entry. It was this noise that woke us up. In fact, one of them must have cut themselves on the splintering wood: they've left behind a spot of blood which police forensics can investigate.
The carpenter can't make the repair immediately, and promises to come back first thing in the morning. I'm concerned at leaving the shed unsecured overnight. The carpenter suggests parking my car right next to the broken door of the shed. If anyone climbs on the car, or tries moving the door, the car alarm will sound. A great idea.
In the morning, the carpenter returns and removes the shed door by unscrewing the external hinges. It occurs to me that a clever thief would simply do the same and then empty the shed, without making any noise at all. The ordinary screws are replaced with clutch-head screws which can't be easily undone.
I think about wiring up a burglar alarm for the shed, but the cost of this would exceed the value of the contents.
Then it hits me: shed security reinforces many key lessons in corporate IT security. Here are 10 key steps to keeping your essentials safe – whether they are tools in the shed, or core systems and data in the enterprise.
1. Real-time alerting and reporting are essential. If my partner hadn't heard the noises and woken me, the security event would have gone unnoticed and my losses would have been much greater. The same applies in IT security.
2. Monitoring must cover all areas where valuables are stored. A burglar alarm for the shed might just be justified in a risk assessment calculation. But it's more important for the house, where real valuables are likely to be stored. In IT terms, this means monitoring the core systems where the company's intellectual property is stored and processed – not just the perimeter devices such as firewalls. This gives true core security event management (CSEM).
3. Don't ignore security events, however dull. I dismissed early clues to the shed break-in. In the same way, it's easy for a person to miss a sequence of minor alerts that signify a real security event.
4. Security policies need to be known and followed. My shed security policy was simple but effective: lock the shed door and try to react quickly to unauthorised access. The same approach in corporate IT saves time and money, greatly reducing the impact of a security breach.
5. Be calm and think through your actions. I ignored a proper remediation process completely and chased after the burglars, putting myself at unnecessary risk. Incident remediation processes are there to be followed.
6. Logs and audit trails are important – use them. Forensic analysis of the blood recovered by the police could help catch and prosecute the offenders. In IT, events need to be securely archived for future forensic analysis. Regulatory compliance, industry best-practice and internal requirements will dictate the timescales for event storage.
7. Short-term fixes are fine, but only for the short term. The idea of using the car as a shed door alarm was useful, but only as an overnight fix. Similarly, there are times when IT security rules are bent. If this becomes common, then the security processes and policies need updating.
8. There are two or more stages to a security review. The incident showed the screw fixings for the shed door needed revising. It's often easy to overlook security issues like this when reacting to an event. A cold, hard look at the processes and systems after an incident often highlights new approaches.
9. Don't be afraid to ask for help. Security experts exist in both domestic and IT security. By consulting the carpenter, I increased the security of the shed.
10. It's not about perfect security, but risk management. I could deploy more security systems on my shed, but does the risk merit the investment? It's just the same in IT security.
The author is ExaProtect's UK country manager.