8 Ways to Prevent Information Disclosure

Preventing Information Disclosure

Photo by Arenamontanus

There are 2 main types of disclosures that can happen to your system: internal & external.  An internal disclosure is when an employee or administrator inadvertantly makes private information public.  This could happen from lack of shredding, carelessesness, mistakes, or not understanding the sensitivity of information.

An external disclosure occurs when someone outside your organization gains access to your system and gets at information they shouldn’t.  They might post information publicly, perhaps on WikiLeaks or some other site.  Or if the information is valuable – think credit card numbers – they might keep it to themselves and use it for nefarious purposes.

As an application owner, you need to be prepared for both types of threats and design your systems and processes around them.  This takes careful planning and design, it won’t happen by accident.  Some things you can do yourself, in other cases you might need to bring in some experts or objective 3rd parties to make sure you’re really secure.


This post will focus on external disclosure, please see the follow up post on internal disclosure.

Here are 8 ways to protect your system:

1. Model Your Threats

One of the best things you can do to prevent disclosure is to look at how an attacker might gain access to your system, or how you might allow someone to inadvertantly disclose private information.  Threat Modeling is an approach that will help you systematically think through information & system boundaries, attack opportunities, and potential risks.  In order to do this properly, it’s best to have some level of experience with hacking & security, as well as an understanding of your system architecture & design.

2. Encrypt At-Rest Data

Many systems use encryption to transmit data between various components or to users.  This is a great first step, but it leaves direct access to the databsae or file system as a risk.   Some discussion of the tradeoffs are here and further reading here.

3. Use 3rd Party Authentication

You are likely not an expert on how to do public/private key encryption, authentication, and authorization.  There are many authentication providers today that are standards based and highly secure.  Don’t build your own system for username/password pairs!

A great side benefit of this is that depending on your application and what provier you use, you may be able to reduce the number of username/password combinations that your customers & employees have to remember.  The more they have to remember, the more likely they are to write one down and have it become compromised in someway.

4. Prepare for Disclosure

If information is compromised in some way, how will you react?  How will you communicate the situation to customers?  How will you rally your team around the crisis?  Does your team know your policies for information handling?  Do you have policies?

How you handle a crisis is a key part of your perception to your customers, and bad handling can be worse than the disclosure itself.  This is not something to leave until the crisis starts or to ignore.  Be prepared.

5. Monitor for Attacks

Make sure you’re watching your system like a hawk and flag unexpected behavior.  There are many great monitoring tools out there, but you will need to invest time & energy to make sure they are watching the right things.  I’ve seen systems that were far too noisy so it was hard to watch the signal for real threats & attacks.  Make sure you know what you’re watching and how to respond.  Further reading here and here and here.

6. Store  as Little as Possible

If you don’t have the information, you can’t disclose it!  It’s sort of like telling people not to tell you a secret or a rumor so you don’t have to worry about spilling the beans.

You can think of this rule in the general sense – don’t collect info you don’t need in the first place – but also at the component or sub-system level.  Don’t spread private or sensitive information around your entire system, but rather segment on a “need-to-know” basis.  Yes, it will require more design work, but it will make your system more secure.

7. Reduce Attack Surface

Similar to the previous tip, make sure you’re exposing as few opportunities for attackers to get at your system as possible.  This could apply to web-services or API’s, and to user interface pages.

Reducing the attack surface will limit the flexibility and “future-proofness” of your application or website, but it will make sure that your not allowing attackers to get at information they shouldn’t be able to.  Sometimes even very innocuous API’s allow attackers to elevate priveleges and get into the juicy data they crave.

8. Hack Yourself!

This one is the most fun and educational.  Get your team to try and get at the data, or hire some experts to do it for you.  Just like the opening scene in the movie Sneakers where reformed robbers break into a bank to expose its weaknesses, you can hire reformed hackers to do the same thing for you.  This will show you where your REAL weaknesses are and will help you improve your overall security.

I hope this post was helpful for you, please drop me a line or leave a comment and let me know!

About Kit Merker

Product Manager @ Google - working on Kubernetes / Google Container Engine.
This entry was posted in Business Continuity, Cloud, Disaster Recovery, Downtime, Technology, Uptime and tagged , , , . Bookmark the permalink.

2 Responses to 8 Ways to Prevent Information Disclosure

  1. Pingback: 6 Ways to Stop Internal Information Leaks | Software Disasters

  2. Pingback: My Personal Woes of Data Loss | Software Disasters

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s