Page 11 - CDM Cyber Warnings February 2014




Servers, whether they are located on premise, in colocation facilities or in the cloud, are the heartbeat of today’s organizations. They contain valuable secrets including intellectual property, customer data, financial information and more. While protection of data-at-rest and data-in-motion has improved, data-in-use remains a security loophole that is subject to a number of attacks. No matter how many layers of security are in place, anyone with physical access to a server can conceivably compromise its data-in-use.

That’s because even if data-at-rest is encrypted, server memory is unencrypted and can be acquired and parsed offline to obtain valuable information including credentials and encryption keys. Using this data, attackers can access a machine as a privileged user to compromise sensitive information.

“Attackers are increasingly using outsourced service providers as a means to gain access to their victims”

Here are the top five threats to enterprise server infrastructures:

Insider Threats

Most sensitive data resides on servers in datacenters, which may be located on premise, at a hosting provider, or at a cloud service provider. They are the nerve center of any IT operation, and are staffed by people, including some who may have malicious intentions.

As we’ve seen with the Edward Snowden incident, contractors and insiders remain a perennial threat to IT infrastructures. Background checks can help to ensure that only reliable employees are touching IT systems, but they are not foolproof. In addition, background checks do not apply to people who are not part of the organization, but have access to servers or server components at the time of manufacture, delivery or servicing.

It is straightforward to snapshot memory, parse the memory to capture the encryption keys for data-at-rest, and then unlock encrypted data-at-rest and get the data without the data owner knowing about it.

Anybody or any hardware component has the potential to bypass data-at-rest and data-in-motion encryption by using a compromised hardware component to tap into the contents of random access memory (RAM). Physical security measures cannot protect against compromised or “backdoored” hardware components.

Third Party Service Providers

While enterprise staff may be trusted, the same level of trust may not extend to colocation facility or cloud service provider staff. Anyone with physical access to a server can install malicious hardware and extract valuable information.

A malicious outsider could be a janitor trying to make some extra money, ill-intentioned service provider staff or even someone acting on behalf of a nation-state. As a recent Mandiant Threat Report stated, “Attackers are increasingly


CYBER DEFENSE MAGAZINE - ANNUAL EDITION 11