The General Intelligence and Security Service (AIVD) is concerned about the increasing number of foreign cyber attacks on Dutch government agencies and companies. The service enables allows hackers to gain access to secret government documents. That tells GISS director rob bertholee on television EenVandaag.
The AIVD observed in the last six months of 2016 hundreds of cyber attacks from countries such as Russia, China and Iran. They tried to come to business or to gain access to email accounts. "In this way, hackers will even death rings to secret government documents. Then you talk about reports from the bosom of the government's deliberations in a public institution, "says Bertholee.
The director calls this cyber attacks "a threat to our democracy." He argues that the danger is twofold. Cybercriminals can, according to him affect us about how our Parliament works and how our government makes decisions. "On the other hand, hackers business secrets and economic secrets away. This could affect the economic earning power of the Dutch business community. "
Action against these cyber attacks is useless according Bertholee because it is difficult to prove. "Countries like China or Russia deny the attack, making it the last story."
Hewlette Packard Enterprise (HPE), the US start-up Niara incorporated. The security specialist will have a role in HPE Aruba to supplement the Clearwater Pass netwerksecurityporfolio for the wired and wireless network infrastructure and improve. An acquisition price was not disclosed.
Niara rather an integration partner of HPE, uses' ueba. This allows for user and entitiy behavior analytics. This new security technology based on machine learning and data analytics, would be able to identify the latest cyber attacks that traditional firewalls and other security systems have no control. Research firm Gartner states that ueba identifies and detects through the use of different analytical methods. Often used a combination of basic analysis and advanced analytics. The technology protects both traditional and IoT devices.
Niara-founders of Niara Srimam (CEO) and Prasad Palkar (vice president of engineering) times the acquisition back to Aruba, where she already worked earlier technologies such as the current ArubaOS system.
acquisitions
The purchase of Niara is the third acquisition of HPE in a short time. In January 2017, the company already bought two companies. So the Americans enlisted at the beginning of the new year in Simplivity, where they put down $ 650 million. This is a network specialist for software-defined applications and hyperconverged infrastructures. In addition, the company took the American Cloud Cruiser on , a provider of software that enables cloud usage can be analyzed.
It gets busy in the cloud. In addition to production environments end up testing and analysis environments increasingly in the cloud. This is creating a new problem. How do you guarantee the privacy of customers in this situation? In this article we are going into this, basic principle: what is not, can not be stolen or lost.
It is getting busier in the cloud will be second to none as a surprise. Managing cloud of production environments now seems the rule rather than the exception. Lately we see more and more testing and analysis environments end up in the cloud.
Upscaling and downscaling
The latter is a logical development. These environments must be scalable and that the cloud is ideal for. One minute, you need many test environments because you're in the middle a large development process. Each team's own test environment is suddenly a real possibility. At other times, you are mainly concerned with the regular management and all those environments are not necessary. The cloud makes it possible to quickly and easily and to scale down.
Data on the street?
This is creating a new problem. How do you guarantee the privacy of your customers in this situation? How do you ensure that their data not be on the street? Additional trigger for this is the Law Hailing Data breaches. Organizations are required since January 1 last year to report data breaches to the Authority for Personal Data. For data leaks from the cloud, of course, this applies in full.
In addition: for testing and analysis environments, it is the risk of a data leak bigger. There are often more active than users in a production environment. In addition, users often have more rights because they must be able to do things that are not allowed in production (for example, create awareness of errors). And all outside of your own well-secured domain.
Nightmare
From information security perspective, this situation has all the ingredients for a nightmare. To avoid that nightmare becomes reality, there are two things you must do in any case.
1) Think carefully what data you really need in your test or analysis environment. for example, need all kinds of historical documents (eg change of address, etc.) also in a test environment available? It is not enough if you only have the current address? By in this way, a critical look at the stored data, the impact of a data leak is reduced. An additional advantage is that the size of the dataset can be reduced and you can save on storage.
2) Take additional measures to protect the 'subset'.
Solution is in data
Because in a test environment, the degrees of freedom of a user are higher, meet a lot of 'standard' security measures (monitoring, logging, etc.) less. The solution is for these environments much more in the data itself. Through clever sensitive data anonymous or pseudonymisation, you can reduce the impact of a data breach to zero.
Anonymize or pseudonymisation irreducible means that the data is created - unique individuals identified are no longer there - while the predictive value of the data remains intact. In other words, the profile of the client will remain the same but it is no longer possible to see who he is.
Especially in a cloud environment offers great advantages. Because what is not, can not be stolen or lost. Regardless of the region where your data is ultimately, you're sure that a data breach has no impact on your customers. And that is where information about?
No comments:
Post a Comment