On December 11th, the director of the National Security Agency (NSA), Gen. Keith Alexander, stood before the Senate Judiciary Committee to discuss actions being taken in the wake of Edward Snowden’s disclosures.
Gen. Alexander didn’t disclose all of the preventative measures the NSA are taking to address the Snowden breach. However, the two measures he did highlight are ones your organization should also consider, particularly if you have a highly virtualized environment or are entrusting your data to a third party or public service provider.
1. Implement the ‘Two Person Rule’ for sensitive operations
The U.S. military has leveraged this model for highly significant activities like launching nuclear missiles (remember The Hunt for Red October and War Games?) Ideally, this prevents a catastrophic event if someone accidentally hits the wrong button, say after a 3:00 am shift, or a substantive mental break with reality. With this methodology, two separate individuals are required to use their ‘keys’ in order to complete an operation.
National security is no longer defined by missiles. It is defined by data.
Edward Snowden was a systems administrator. In this capacity, he had broad access to networks, passwords and, obviously, data. This is a lesson that most organizations need to take more seriously.
As we look at virtualization and the cloud, the lesson becomes even more important. Where traditional datacenters were comprised of air-gapped servers with separate hardware, applications, and administrators, the cloud collapses hundreds or even thousands of applications into one centrally-managed infrastructure. This gives those who manage this environment – quite literally – the keys to the kingdom.
The what-if’s are nearly endless. What if an administrator decides that they could make an extra bonus by selling source code or other company proprietary information? Would you even know this data had been copied? Adobe didn’t.
What if an administrator accidentally suspends or deletes a virtual machine running the company’s payment processing application? The implications in cost and downtime are highly concerning.
What if a malicious attacker used phishing to gain the credentials of your vSphere administrator?
Instituting policies such as the Two-Person rule, or secondary approval, for sensitive administrative operations just makes sense. Even better, find tools that can help you automate this process. Ideally, you want to be able to prevent damaging actions from being taken in the first place, but additionally, you need to know when they are being attempted. This level of visibility will become the new norm in virtualized environments.
Sign up for Computerworld eNewsletters.