There are two main types of disclosures that can happen to your system: internal and external. An internal disclosure is when an employee or administrator inadvertently makes private information public. This could happen from lack of shredding, carelessness, mistakes, or not understanding the sensitivity of information.
An external disclosure occurs when someone outside your organization gains access to your system and gets at information they shouldn’t. They might post information publicly, perhaps on WikiLeaks or some other site. Or if the information is valuable – think credit card numbers – they might keep it to themselves and use it for nefarious purposes.
As an application owner, you need to be prepared for both types of threats and design your systems and processes around them. This takes careful planning and design; it won’t happen by accident. Some things you can do yourself, in other cases you might need to bring in some experts or objective third parties to make sure you’re really secure.
This post will focus on external disclosure; please see the follow-up post on internal disclosure.
Here are 8 ways to protect your system:
1. Model Your Threats
One of the best things you can do to prevent disclosure is to look at how an attacker might gain access to your system, or how you might allow someone to inadvertently disclose private information. Threat modeling is an approach that will help you systematically think through information and system boundaries, attack opportunities, and potential risks. In order to do this properly, it’s best to have some level of experience with hacking and security, as well as an understanding of your system architecture and design.
2. Encrypt At-Rest Data
Many systems use encryption to transmit data between various components or to users. This is a great first step, but it leaves direct access to the database or file system as a risk. Some discussion of the tradeoffs is here and further reading here.
3. Use 3rd Party Authentication
You are likely not an expert on how to do public/private key encryption, authentication, and authorization. There are many authentication providers today that are standards-based and highly secure. Don’t build your own system for username/password pairs!
A great side benefit of this is that, depending on your application and what provider you use, you may be able to reduce the number of username/password combinations that your customers and employees have to remember. The more they have to remember, the more likely they are to write one down and have it become compromised in some way.
4. Prepare for Disclosure
If information is compromised in some way, how will you react? How will you communicate the situation to customers? How will you rally your team around the crisis? Does your team know your policies for information handling? Do you have policies?
How you handle a crisis is a key part of how your customers perceive you, and bad handling can be worse than the disclosure itself. This is not something to leave until the crisis starts or to ignore. Be prepared.
5. Monitor for Attacks
Make sure you’re watching your system like a hawk and flag unexpected behavior. There are many great monitoring tools out there, but you will need to invest time and energy to make sure they are watching the right things. I’ve seen systems that were so noisy that it was hard to pick out the signal of real threats and attacks. Make sure you know what you’re watching and how to respond. Further reading here and here and here.
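To make the signal-versus-noise point concrete, here is an added example (not code from the original post) of a small failed-login burst detector: instead of raising one alert per failed login, it only alerts when a single source accumulates several failures inside a short window, so real attacks stand out from ordinary typos. The log format, field names, threshold and sample lines are all constructed assumptions.

```python
# Added example: threshold-based failed-login burst detection over constructed log lines.
# The log format ("<ISO timestamp> <source ip> login <ok|fail> user=<name>") is an assumption.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source hammers several accounts, another source
# just mistypes a password once and then logs in fine (noise, not an attack).
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.5 login fail user=alice
2024-05-01T10:00:02 203.0.113.5 login fail user=alice
2024-05-01T10:00:03 203.0.113.5 login fail user=bob
2024-05-01T10:00:04 203.0.113.5 login fail user=carol
2024-05-01T10:00:05 203.0.113.5 login fail user=dave
2024-05-01T10:00:09 198.51.100.7 login fail user=alice
2024-05-01T10:00:30 198.51.100.7 login ok user=alice
2024-05-01T10:05:00 203.0.113.5 login fail user=erin
"""

def parse_line(line):
    """Split one log line into (timestamp, source ip, event, outcome, user)."""
    ts, src, event, outcome, user = line.split()
    return datetime.fromisoformat(ts), src, event, outcome, user.split("=", 1)[1]

def detect_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert (source, time, failure count) per burst of failed logins.
    A burst is `threshold` or more failures from one source inside any
    `window`-long sliding interval. Emitting one alert per burst rather than
    one per failure is what keeps the monitoring output readable."""
    recent = defaultdict(deque)   # source ip -> timestamps of recent failures
    alerted = set()               # sources already reported for their current burst
    alerts = []
    for line in log_text.splitlines():
        ts, src, event, outcome, _user = parse_line(line)
        if event != "login" or outcome != "fail":
            continue              # successes are not interesting here
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts, len(q)))
        elif len(q) < threshold:
            alerted.discard(src)  # burst has subsided; a new burst may alert again
    return alerts

if __name__ == "__main__":
    for src, ts, count in detect_bursts(SAMPLE_LOG):
        print(f"ALERT {ts.isoformat()} {src}: {count} failed logins within 60s")
```

With the sample above, only 203.0.113.5 produces an alert; the single failure from 198.51.100.7 never crosses the threshold and stays out of the alert stream.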
6. Store as Little as Possible
If you don’t have the information, you can’t disclose it! It’s sort of like telling people not to tell you a secret or a rumor so you don’t have to worry about spilling the beans.
You can think of this rule in the general sense – don’t collect info you don’t need in the first place – but also at the component or sub-system level. Don’t spread private or sensitive information around your entire system, but rather segment on a “need-to-know” basis. Yes, it will require more design work, but it will make your system more secure.
7. Reduce Attack Surface
Similar to the previous tip, make sure you’re exposing as few opportunities for attackers to get at your system as possible. This applies to web services and APIs as well as to user interface pages.
Reducing the attack surface will limit the flexibility and “future-proofness” of your application or website, but it will make sure that you’re not allowing attackers to get at information they shouldn’t be able to. Sometimes even very innocuous APIs allow attackers to elevate privileges and get into the juicy data they crave.
8. Hack Yourself!
This one is the most fun and educational. Get your team to try to get at the data, or hire some experts to do it for you. Just like the opening scene in the movie Sneakers, where reformed robbers break into a bank to expose its weaknesses, you can hire reformed hackers to do the same thing for you. This will show you where your REAL weaknesses are and will help you improve your overall security.
I hope this post was helpful for you. Please drop me a line or leave a comment and let me know!