
Network Security Lessons from Sandy

As our thoughts and prayers go out to those affected by Super Storm Sandy and the many who continue to deal with the aftermath of the storm, it seems timely to also reflect on the lessons learned from this natural disaster. What can we glean from Sandy that will help us deal with security events as disruptive in nature as Super Storm Sandy? Do we need a strategic shift in how we respond to incidents? What are key security observations from this storm? Consider these three key learnings:

Plan for All Disasters, Not Just Natural Ones

Disaster recovery is about preparing for, and recovering from, any event that disrupts business and infrastructure continuity. In this case it was a super-sized storm, but it could have been any event: a power failure, a flood, an earthquake or a targeted attack. Disaster recovery is not only about preparing for something that may happen to your business at some point (the disaster), but also about the ability to safeguard and restore the data (recovery) so you can get back to business as usual.

Best practice for disaster recovery involves adequate planning and investment to ensure every potential disaster has an appropriate response. This ranges from what to do in the event of a loss of electricity or a shortage of the fuel needed to run backup generators, to the operational aspects of disaster recovery such as operating procedures, staffing support plans and backup communications. Because disaster recovery is a continual process of analysis and improvement, frequent drills must be held to instill those processes and procedures. It is very similar to how we train for other activities: the key part of pilot training isn’t just how to fly an airplane, but how to react when something goes wrong with the plane or engine.

But it is important that this planning extend to network security as well. If Mother Nature can deliver so much havoc, can your IT infrastructure, electric utilities and water systems withstand intentional modern attacks? Homeland Security Secretary Janet Napolitano said after Sandy, “If you think a control-system attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities.” How will your team handle a breach in a way that mitigates and minimizes network downtime and protects other critical data? There is no guarantee of 100 percent security for your network, so a good security architecture must be balanced with preparations for network breaches, however infrequent they may be.

A proper network security plan accomplishes a number of key goals: it minimizes loss of data, addresses regulatory compliance issues and preserves the appropriate evidence so that your forensics team and/or law enforcement have enough information to identify the attackers and prevent future attacks.

Consumerization is Alive and Thriving

In the aftermath of Sandy, a large portion of the East Coast population either lost access to business applications (email servers, etc.) or was unable to physically get to the office. Many defaulted to consumer applications for business: Google Mail, Skype, Dropbox.

Leveraging personal technology and applications for work isn’t new. How many of you have sent documents to co-workers via Dropbox because you didn’t want to send huge files via email and crash a co-worker’s inbox? We have been watching the traditional distinction between business and personal use dissolve within the enterprise, and this behavior will continue. In this case, the ability to use these applications during the storm actually enhanced business productivity. At the same time, it underscores the need for network security that can safely enable applications based on users, applications and content. For example, the Dropbox application should have been enabled only for the right file types and functions (i.e., no uploads of sensitive corporate information), whether during sunny or stormy days.

After Sandy dissipated, many who didn’t have power or Internet access also turned to mobile devices like phones and tablets to communicate and work, charging them from their car chargers. This takes the concept of working “anywhere, anytime, from any device” to a whole new level. In fact, what we traditionally consider an endpoint problem is clearly also a network and data center problem, because appropriate access to applications should be enforced depending on the type of device in use (sanctioned IT devices versus personal devices). Clearly, businesses with a more open culture that embraced consumerization, and had developed proper security policies that could be consistently enforced, continued to be productive in the aftermath of the storm.
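The two preceding sections describe a policy that keys on user, application, function, content and device type: Dropbox allowed, but not for uploads of sensitive content, and sensitive data kept off personal devices. The following added example (not from the original article, and not any vendor's product) sketches such a rule set as a first-match-wins evaluator with deny by default; the rule names, the device classes and the content labels (assumed to come from a DLP classifier) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    app: str                       # application identified by the gateway, e.g. "dropbox"
    action: str                    # function within the app, e.g. "upload" / "download"
    device: str                    # "managed" (sanctioned IT device) or "personal"
    labels: frozenset = frozenset()  # content labels from a DLP classifier (assumed)

@dataclass(frozen=True)
class Rule:
    name: str
    decision: str                  # "allow" or "deny"
    apps: frozenset = frozenset()    # empty set means "any"
    actions: frozenset = frozenset()
    devices: frozenset = frozenset()
    labels: frozenset = frozenset()  # matches if ANY listed label is on the content

    def matches(self, r: Request) -> bool:
        return ((not self.apps or r.app in self.apps)
                and (not self.actions or r.action in self.actions)
                and (not self.devices or r.device in self.devices)
                and (not self.labels or bool(self.labels & r.labels)))

SENSITIVE = frozenset({"confidential", "pii"})

# Constructed policy, ordered most specific first; the first matching rule decides.
POLICY = [
    Rule("block-sensitive-uploads", "deny", apps=frozenset({"dropbox"}),
         actions=frozenset({"upload"}), labels=SENSITIVE),
    Rule("no-sensitive-on-personal", "deny", devices=frozenset({"personal"}),
         labels=SENSITIVE),
    Rule("dropbox-file-sharing", "allow", apps=frozenset({"dropbox"}),
         actions=frozenset({"download", "upload"})),
    Rule("mail-and-voice-any-device", "allow", apps=frozenset({"gmail", "skype"})),
]

def decide(req: Request, policy=POLICY) -> tuple:
    """Return (decision, rule name); anything no rule covers is denied."""
    for rule in policy:
        if rule.matches(req):
            return rule.decision, rule.name
    return "deny", "default-deny"

if __name__ == "__main__":
    r = Request("alice", "dropbox", "upload", "managed", frozenset({"confidential"}))
    print(decide(r))  # the storm-day upload of a sensitive file is denied
```

Logging the rule name alongside the decision gives the forensics team the "why" behind each block when the policy is reviewed after the event.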

Select the Right Partner and Architecture

Finally, I think we can agree that selecting the right partner is important, and this is most obvious during a crisis. Businesses that picked a data center provider with the proper scalability and redundancy architecture were able to withstand the challenges of the storm. Others, such as Huffington Post, Gawker and Buzzfeed, were unfortunate enough to have the data center that hosted their web services flooded, and without geographically dispersed redundant sites they incurred significant downtime. The right security architecture goes hand in hand with the data center architecture, and the simplest design wins. Simple designs succeed at being highly available, while complex, over-engineered designs introduce more variables, more human error and more risk, and can even reduce uptime if not properly designed.

Moving Forward

It is unlikely that anyone can be completely prepared for a storm of Sandy’s magnitude. What we can do is move forward, learn, and deal with future disasters. Similarly, on the security side, it is about understanding the trends in modern attacks, consumerization and mobile devices, and learning to plan and design for them from a security perspective so that few surprises occur. And if surprises do occur, then hopefully your disaster recovery plans are in place to deal with them.

Related Reading: Business Continuity Planning in a Cloud Enabled World

Written By

Danelle is a seasoned product and solutions marketing leader with expertise in bringing disruptive security, cloud and AI technologies to market. She has more than 20 years of experience building and scaling GTM teams and positioning companies for growth — from early stage startups to IPO. Prior to Infoblox, Danelle held multiple Chief Marketing Officer roles, including Ordr, Blue Hexagon (acquired by Qualys) and SafeBreach where she helped define and build a new market category. She was also VP strategy and marketing at Adallom (acquired by Microsoft) and played a key role in Palo Alto Networks growth through IPO as a leader in solutions marketing. Earlier in her career, she held senior product management roles at Cisco, overseeing security, networking and VoIP products. She was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. patents. She has an MSEE from UC Berkeley.
