Friday, December 10, 2010

WikiLeaks – How to Fix a Leak with Better Plumbing

The 9/11 Commission Report cited "pervasive problems of managing and sharing information across a large and unwieldy government that had been built in a different era to confront different dangers". Since 9/11, governments around the world have considerably adjusted their stance on information-sharing to allow more adequate and timely sharing of information. Unfortunately, in many situations the need to share information quickly took priority over the need to protect it, and this left security policies, certification and accreditation practices, and existing security controls behind.

WikiLeaks may jeopardize all we've worked towards to enhance information sharing, and impede pursuits to make information-sharing more effective. Or it may serve as a wakeup call that our current policies, processes and solutions are not adequate in today's world where information must be collected, fused, discovered, shared and protected at network speed.

Here at Layer 7, we've been working with government agencies worldwide to support their needs for sharing information more quickly, while introducing a more robust set of access and security controls to allow only those with need-to-know clearance access to privileged information. In the following paragraphs, I'm going to discuss how Layer 7 Technologies aids in breaking down information-sharing silos while maintaining a high degree of information protection, control and tracking.

There are multiple efforts underway across government agencies to use digital policy, as opposed to a written policy, to control who gets access to what information and when. Layer 7's policy-oriented controls allow digital policy to be defined and enforced across distributed information silos. Whether inside an enterprise or in the cloud, government agencies and commercial entities using Layer 7 can define and enforce rules for information discovery, retrieval and dissemination across a variety of security realms and boundaries. With the right kind of policy controls, companies can avoid a WikiLeak of their own.

Layer 7 provides information plumbing for the new IT reality. Using Layer 7 products, organizations can address:

Data Exfiltration – The WikiLeaks scandal broke because of a single user’s ability to discover, collect and exfiltrate massive quantities of information, much of which was not needed for the day-to-day activities of the user. With Layer 7, digital policies can be defined and enforced which put limits on the number of times a single user can retrieve a single type of data or multiple types of data that, when aggregated together, could be interpreted as having malicious intent. If the user goes beyond his administratively imposed limit, Layer 7 can either allow the operation while notifying administrative or security personnel of the potential issue, or can disallow access altogether while awaiting remediation.

Access Control – The heart of any information system is its ability to grant access to people who meet the "need to know" requirement for accessing the information contained within. The reality with government organizations is that many information systems rely on the user’s level of clearance, the network he is using, or coarse-grained information like the branch of service he belongs to, in order to grant or deny access to an information-sharing system in its entirety. For those going beyond the norm by using Role Based Access Control (RBAC), the burden of administering hundreds or thousands of users, based on groups, is formidable and limits the effectiveness of the system; it increases the likelihood that the system has authorized users who no longer have a “need to know” for the information.

Layer 7 policy enforcement and decision capabilities allow for user authorization through either Attribute Based Access Control (ABAC) or Policy Based Access Control (PBAC). These types of authorization use policy to correlate attributes about the user, the resource and the environment in order to allow or deny access. Attributes can be collected from local identity repositories or from enterprise attribute services.

In addition, enterprise attribute services can be federated to allow for attributes to be shared across organizations, thereby minimizing the requirement of having to manage attributes about users from other organizations. An often-overlooked factor of authorization is the need to tie typical authorization policy languages like XACML (is user X allowed to access resource Y) to policies around data exfiltration, data sanitization and transformation, and audit. This is the area where Layer 7 stands out: not only do we have the ability to authorize the user, but we can also enforce a wide variety of policy controls that are integrated with access control.

The following blog posts by Anil John, a colleague who specializes in the identity space, provide good information about the benefits and needs of the community in moving from roles to policy and attributes: Policy Based Access Control (PBAC) and Federated Attribute Services.


Monitoring, Visibility & Tracking – Even when controls are in place that help mitigate the issue of “need to know,” there will always be a risk of authorized users collecting information within the norms of their current job and role. In support of this, visibility of usage by the individual IT system owner and across enterprise systems is key to limiting this type of event in the future. Layer 7 allows for federation of monitoring data so information about data accesses can be shared with those organizations monitoring the network or enterprise. This allows authentication attempts and valid authorizations to be tracked, and distributed data retrieval trends to be analyzed on a per-user basis across the extended enterprise.
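The three controls above (per-user retrieval limits, attribute-based authorization, and per-user tracking) can be combined in one enforcement point. The sketch below is an added example, not Layer 7's product or policy language; the attribute names, limits, decision strings and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# All attribute names, limits and sample records below are constructed for illustration.
CLEARANCE = {"unclassified": 0, "confidential": 1, "secret": 2}
TYPE_LIMITS = {"cable": (3, 3600)}   # data type -> (max retrievals, window in seconds)
AGGREGATE_LIMIT = (5, 3600)          # all data types combined, per user

class Gateway:
    def __init__(self, on_exceed="deny"):   # "deny" blocks, "alert" allows but flags
        self.on_exceed = on_exceed
        self.history = defaultdict(deque)   # (user, data type) -> retrieval timestamps
        self.audit = []                     # every decision, permitted or not

    def abac_permit(self, user, resource, env):  # user + resource + environment attributes
        return (CLEARANCE[user["clearance"]] >= CLEARANCE[resource["classification"]]
                and resource["compartment"] in user["need_to_know"]
                and env["network"] in resource["allowed_networks"])

    def _over(self, key, limit, now):
        max_n, window = limit
        q = self.history[key]
        while q and now - q[0] >= window:   # drop retrievals outside the sliding window
            q.popleft()
        return len(q) >= max_n

    def request(self, user, resource, env, now):
        keys = [((user["id"], resource["type"]), TYPE_LIMITS.get(resource["type"])),
                ((user["id"], "*"), AGGREGATE_LIMIT)]
        if not self.abac_permit(user, resource, env):
            decision = "deny:attributes"
        else:
            exceeded = [k for k, lim in keys if lim and self._over(k, lim, now)]
            if exceeded and self.on_exceed == "deny":
                decision = "deny:limit"
            else:
                decision = "permit+alert" if exceeded else "permit"
                for k, _ in keys:           # only successful retrievals count
                    self.history[k].append(now)
        self.audit.append((now, user["id"], resource["id"], decision))
        return decision

def demo(on_exceed):
    gw = Gateway(on_exceed)
    analyst = {"id": "u1", "clearance": "secret", "need_to_know": {"region-a"}}
    env = {"network": "classified-lan"}
    def cable(i, compartment="region-a"):
        return {"id": f"cable-{i}", "type": "cable", "classification": "secret",
                "compartment": compartment, "allowed_networks": {"classified-lan"}}
    out = [gw.request(analyst, cable(i), env, now=i * 60) for i in range(4)]
    out.append(gw.request(analyst, cable(9, "region-b"), env, now=300))
    return out, gw.audit
```

`demo("deny")` blocks the fourth cable retrieval, while `demo("alert")` lets it through flagged for review; in both modes the request outside the analyst's need-to-know is refused and every decision lands in the audit trail.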

Protection against leakage of privileged information to unauthorized users can never be 100% guaranteed. However, with the simple implementation of a policy-based information control like Layer 7, access to confidential information can be restricted and tracked.

