I'm raising money for a cause I care about, but I need your help to reach my goal! Please become a supporter to follow my progress and share with your friends.
Subscribe to follow campaign updates!
As companies try to balance data security and labor shortages, they've forgotten the adage that the more things change, the more they stay the same. They've forgotten the lessons learned from the 1984 data breach of TRW Information Systems. After all, what can 40-year-old technology teach businesses about people and processes in the 21st century?
The 1984 breach marks the beginning of cybercrime where consumer data was stolen for monetary gain. TRW Information Systems was a credit reporting company that allowed businesses to check consumer credit histories. When a consumer wanted to purchase an item on credit, the store would request a credit history using a teletype terminal. Every store using TRW had a teletype terminal and a direct connection to the credit reporting service. Employees were required to enter a passcode to access the system.
Someone from a Sears store shared a passcode online, allowing hackers to access the system. The exposure went undetected for a year until an anonymous third-party contacted TRW. Over 90 million records were compromised from a network of 35,000 access points. Because the passcode was written on a piece of paper next to the teletype machine, it was impossible to know if an employee, customer, or third-party vendor stole the code.
Although today's technology has advanced well beyond a teletype terminal, the 1984 compromise happened for the same reasons they succeed today. Organizations have:
A lack of password controls
Numerous unsecured access points
Inconsistent policy controls
Despite zero-trust architecture, security service edge (SSE), and cloud access security brokers (CASB), companies struggle to stay ahead of cybercriminals. In some instances, their challenges are compounded by labor shortages that pressure organizations to hire staff before security controls are in place.
After 40 years of harping, people still write their passwords on post-it notes next to their workstations. Isn't it time IT departments realized the insanity of expecting people to secure their credentials? Frameworks exist to secure access without relying on individuals to keep their passwords safe. If these frameworks were implemented, companies would no longer need to worry about location when looking to hire staff.
The zero-trust concept assumes that every access request is a potential security threat. Instead of assuming that once users are authenticated they no longer pose a threat, zero-trust requires that users are authenticated every time they request access to a network resource. The framework allows organizations to monitor what users are accessing. If the technology had existed in 1984, TRW would have noticed that requests for credit history were coming from outside its 35,000 access points.
In 1984, no one was thinking of edge security. Edge computing was just entering the technology consciousness. It wasn't until the internet of things (IoT) became popular in the 21st century that edge computing and security became of concern.
Gartner was the first to recommend a secure access service edge (SASE) framework to strengthen cloud or hybrid infrastructures in 2019. The research firm envisioned SASE as a decentralized security model. In 2021, Gartner revised its SASE framework to identify a security component called security service edge (SSE). The SSE framework consisted of the following:
Secure Web Gateway (SWG)
Cloud Access Security Broker (CASB)
Zero-Trust Network Access
The frameworks are designed to secure cloud-based services and protect users and devices located remote or on-premise.
It's easy to look back at 1984 and ask "What were they thinking?" Who thought it was a good idea to deploy 35,000 unsecured endpoints that relied on users to protect access codes? Well, how many companies between 2019 and 2021 allowed remote users to access their network over the internet relying on employees to have proper security?
With a decentralized security model such as SSE, today's businesses can hire the most qualified candidates with minimal concern for data security. A strong SASE infrastructure ensures secure internet traffic and robust user authentication.
The 1984 compromise included user documentation as well as passcodes making it easy for hackers to wander the system without notice. Part of the problem was a lack of visibility across the network and the inability to enforce uniform policies. No one was monitoring who was accessing documents or copying them to another device.
Because each store was responsible for its security, TRW lacked the control to enforce uniform security measures. Today's implementations pose similar challenges. Multi-cloud or hybrid infrastructures make it difficult for organizations to see what is happening across the enterprise. Without the needed end-to-end visibility, companies cannot secure, govern, or comply with cybersecurity regulations and mandates.
That's where today's cloud access security brokers (CASBs) come into play. CASBs are a critical component of an SSE framework. They provide views into cloud-based applications and unauthorized use across platforms. The security tool means businesses can implement uniform security policies because it sits between the user and the cloud. Just think how secure TRW's implementation would have been if CASBs had existed in 1984.
As of December 2020, only 20% of enterprises used CASBs in their cloud-based deployments despite their ability to:
Enforce encryption
Identify active cloud applications
Profile devices
Pinpoint security violations
Identify potential threats
CASBs provide the visibility needed for organizations to see what is happening across platforms from a central location. They can monitor what remote employees are accessing and identify variations in user behavior. These capabilities give companies the flexibility to hire staff without worrying about possible security threats.
As companies face labor shortages across all industries, the pressure to fill job openings may create added security risks if proper data security standards are not in place. While TRW's security controls may seem insufficient by today's standards, many organizations still fail to deploy robust solutions to protect against credential theft, authentication lapses, and inconsistent policy controls.
With strong data security, businesses can hire staff without worrying about increased security risks. Employees can access data securely across the enterprise to schedule and distribute business intelligence (BI) reports using Power BI. ChristianSteven's Power BI Reports Scheduler (PBRS) automates the process so employees can focus on insights and not on the distribution.
Sign in with your Facebook account or email.