Over the last two years, it's been pretty clear that ransomware is a pervasive problem, one that fundamentally challenges an organization’s ability to recover. A technology gap still exists when looking at how to address the onslaught of ransomware. The old set of solutions no longer work. The easy answer used to be to backup the data. However, as threat actors change their approach by “kidnapping” data, Respond and Recover need to be addressed in new ways.
Is it time to DIE?
When security professionals came up with the Confidentiality, Integrity, and Availability triad, the technology landscape was different. Backup as a form of recovery worked because information was finite. It existed on physical devices, and organizations could protect those. Moving information to the cloud makes these three requirements less meaningful. The DIE triad - Distributed, Immutable, Ephemeral - is a new way to think about security
Designers and engineers act as the foundation for this change. By rethinking system design, the DIE triad can augment, or even replace, the CIA triad.
Give the cloud an A: Distributed
If you ask someone if they want their documents available to them anywhere, they’ll likely say yes. People and organizations are happy to pay to have the data available on any device because they like the convenience. The move to cloud started with convenience as the business driver, but it’s also a new form of backup that’s baked into processes.
However, it helps address some security issues and even offsets some of them. With distributed data, you don’t need to worry about whether the component storing it is available because you always have another copy of it somewhere else. If a laptop is encrypted, then the user can still access it if they can access the cloud. System designers have the foundation of this building block with distributed cloud infrastructures.
Swap an I for an I: Immutable
The more immutable data is, the less organizations need to worry about its integrity. Blockchain gives an example of the way making data immutable removes the need to worry about integrity. If the system can document who made changes, what those changes were, and when they were made, then the need for integrity goes away.
System and solution designers need to find ways to make data immutable. When you build that into the system itself, integrity becomes redundant.
A new way to C: Ephemeral
The cloud’s ephemeral nature changes how people use data and what confidentiality means. If data can be deleted, then the need to maintain confidentiality goes away. Technologies like Docker containers, serverless architectures, and serverless functions fit into this category.
If you design the system in a way that’s ephemeral, you can remove it without worrying about a cybercriminal gaining access. Of course, this ephemeral quality also relies on the distributed nature of the cloud. If you store all the data in this one ephemeral location and it gets wiped, then you lose it entirely. If you’re designing the system with both the cloud’s ephemeral and distributed natures in mind, then confidentiality becomes less of a concern.
Review Your Design
With a DIE architected environment, you have little information that requires protection. Attacks against DIE environements do little harm to data. Despite minimizing the amount of data that requires the protection of confidentiality, integrity, and availability, organizations will still have some that needs to be secured. Attack Detect and Respond (ADR) tools provide value in two ways.
Fundamentally, you need to validate that the data you think is DIE, really is DIE. If you design systems properly such that they are DIE, then when they are attacked you should largely not care. If you run an attack emulation, you can validate whether you care about the information impacted or not.
If you do care, then this becomes a cause for concern. In other words, with DIE, you don’t need to have protections in place because you don’t care about whether the data is impacted. By running an attack emulation, you can validate that you don’t need protections around that data. If you find that you do need protections, then you have a problem.
Validating CIA Controls
This is the current use case that most people recognize. John Allspaw said, “incidents are unplanned investments.” Even with a DIE approach, you may have information that you feel requires confidentiality, integrity, and availability controls. No one really wants an unplanned investment because it means something went wrong.
ADR gives you a way to validate these controls’ effectiveness. By emulating an attack, you have the ability to determine whether the controls you have in place work as intended. If not, you can remediate the vulnerabilities and enhance your security posture.
Moving Toward the Future
Taking a forward looking approach to data protection, organizations should start moving away from traditional understandings of Respond and Recover. Cloud technologies change how we do business, but they also change how we view data. Moving away from traditional design models focused on confidentiality, integrity, and availability and embracing ones that focus on the distributed, immutable, and ephemeral nature of modern data can mitigate risk by eliminating the need for Response and Recovery protections.