Salami Attacks, the Rise of Secure Search and the IT Chasm

by | Dec 19, 2012 | IT

Varonis doesn’t predict the end of the world, but IT will face meaty attacks!

By David Gibson, VP of Strategy, Varonis

Doomsayers have been predicting that the world will end, with the latest date just a few days away on December 21. If they’re right, then we won’t even exist in 2013, so perhaps this article could be a little premature. However, if the date passes without incident, here’s what organisations need to know to avoid their own Armageddon during the next twelve months.

Prediction 1: The Rise of Secure Search

There’s a growing gulf between the people who know how to find the right information quickly and those that don’t. The risk is that those who are not using modern techniques to manage their information overload will drown in a sea of unproductivity. With the number of business critical emails we receive on a daily basis growing, it’s those who are using automatic rules and search, and can manage their inbox beyond just normal filing, coming out on top.

Getting to the information quicker, and responding faster with the right information, gives you a competitive edge. Get your employees thinking about what needs to be kept, what has to be kept legally, what can be removed and how to intelligently archive their information. It’s like organising your life – you feel better when you’re in control.

Prediction 2: The Growing Chasm between IT and the Rest of Us

There’s a growing disparity between how people use technology in their personal and professional lives. Employees are beginning to expect the same services and accessibility from their organization’s infrastructure as they can get as consumers.

With a huge portion of the workforce connecting remotely via both personal and professional devices, the traditional infrastructure is being assaulted by new requirements, devices and services. Boundaries between work and home are further blurred by social media as the personal face of an employee is available to professional contacts – and vice versa.

This will impact a number of areas. For example, who owns the intellectual property of documents created on a personal device?  If an employee uses a personal device to check their work email, what rights does the organisation have to access, search, or wipe the memory?

This is further complicated for multi-national organisations as potentially there’ll be differing legal ramifications, legislation, etc. for each geographical location.

Start to think how, as an organization, you can be master in your own home, yet still offer the flexibility the workforce is increasingly demanding. A good place to start is making sure employee contracts cover the obligations – for both sides.

Prediction 3: Salami Attacks

The vast expanse of information about everyone that’s easily available online is scary, and this poses a new threat to organisations. While iOS 6 and digital ad tracking is being used for live ad streaming, it is capable of being used for so much more. All the individual scraps of information about a person can be researched and pieced together to create a complete picture – who we are, where we work, what school our children attend. It’s all there waiting to be plundered. The primary thing that saves most people is nobody is looking for them! But what if someone were?

It’s important that, as an organisation, you make sure your employees – especially those in key positions, are made aware of the risks. Consider collecting the information that’s easily accessible on one employee to demonstrate what can be done to really bring the message home.

Prediction 4: Inter-organizational Collaboration

Organisations are used to collaborating internally but the need to collaborate with third parties—business partners, contractors, vendors, customers, etc.—is increasing. The issue is that, with easy access to collaborative services such as YouSendIt, Dropbox, and Google Drive, it is virtually impossible for organizations to maintain control of exactly what is being shared. In fact, with decisions being left to the individual, just how can the organization make sure its digital assets are protected?

This is fast becoming the new frontier as file sharing moves beyond active directory. Organisations need to introduce processes that ensure the right sensitive information is shared, with the right people, securely.

Prediction 5: The Big Data Mountain

The elephant in the room has grown from being small and cute, and instead has actually started reproducing to form a large herd. Analysts concur that data is growing exponentially – with IDC quoting 50% year on year. In contrast, Moore’s law estimated that processing power doubles every two years, although many believe that 2013 will see this growth start to slow. That means, if you’ve got 100 Terabytes today, it will become 150 in a year and 225 in two years, while processing power will only double. Even if Moore’s law did hold true, processing is still not keeping up with data growth (this is why big data solutions  are built to easily “scale out” by adding nodes, rather than requiring you to “scale up” with processor upgrades) .

The reality is that these vast volumes of data require vast sums of money to store, with the real burden of how to staff up to manage and protect it. Organisations need to determine what they’re going to keep, and what they’re not, and how to execute those decisions going forward.

While one train of thought is for storage, management, and protection to become cheaper and faster, another is that organisations get better at their storage housekeeping. My belief is that both need to happen. Organisations need to look for solutions that will intelligently archive their information, while automating management and protection.

Prediction 6: Shortage of people with big data analytics and data science skills

My final thought is that, while technology exists which allows organisations to store and analyse huge amounts of data, there is a serious lack of data scientists to interpret the results and make informed decisions. For example, when MRI scans were first introduced, ailments that were previously hidden to the surgeon could be seen resulting in a spike in the number of patients going under the knife. However, it was later discovered that some patients who were just prescribed bed rest recovered better than those that had surgery!

More information doesn’t always lead to better decisions. But, if you have the automation and the talent to distinguish causality from coincidence, you can gain an edge.

As with any prediction, I can’t see into the future but I’m pretty sure the clock will strike midnight on New Year’s Eve. How many of my other predictions will be true, only time will tell. Season’s Greetings.

More at www.varonis.com

Translate »