With all the talk of sophisticated hacks and advanced persistent threats (APTs) these days, it would be perfectly natural to think that this breach might have been planned and executed by a crack team of highly-skilled cyber-criminals. Though it’s not clear exactly how adept the perpetrators were, that detail is pretty much irrelevant when you consider that the breach succeeded because of gaping security holes created in the wake of a few, very easily avoided security management missteps. In other words, someone who snoozed their way through Hacking 101 class could probably have found their way to the organization’s sensitive data.

For starters, servers configured to house some of those highly sensitive records went through an upgrade process outside of the department’s firewall. Furthermore, the passwords that were part of the default configuration were never even changed!

What would have greatly helped avoid such a debacle would have been the security program’s inclusion (and enforcement) of processes to consistently check for known security weaknesses and mitigate risks throughout any upgrades or changes to systems and endpoint configurations. This can be exceptionally challenging in larger organizations, which often see their IT environments go through major change on a routine basis, but familiar vulnerabilities are bound to resurface.

That being said, vulnerability assessment is an indispensable component to any organization’s security program. There are literally thousands of known vulnerabilities inherent to servers, databases, etc., and many of these– weak or default passwords, for example– are obvious and easily remediated. However, given the sheer number of possible exploits, automating the process of database and server hardening is critical, and should be done on a regular basis.

From a strategic perspective, an organization’s approach to security needs to be multi-layered; this is the only way to really dial down the risk of a data breach. In the case of Utah’s Department of Technology Services, the database server might have been adequately protected had it been placed behind a firewall, but in the event that perimeter security falls short, those hundreds of thousands of sensitive records would still be secure if the server were vulnerability-hardened, and the database hardened and fully protected by a dedicated database security solution.

McAfee offers powerful vulnerability assessment capabilities that can be leveraged across an organization’s many endpoints, and even has a dedicated database research team that is constantly testing the major database management systems for possible security weaknesses that the bad guys out there might try to exploit. McAfee Vulnerability Manager for Databases also enables the automation and highly efficient management of this process through the ePolicy Orchestrator console, and generates actionable reports on what to fix in keeping critical, sensitive information secure. Organizations can also build a last line of defense for their sensitive databases with McAfee’s database security solution, which protects against threats across all vectors in real-time.

Here at McAfee, the Data Center team has been blogging regularly about the importance of security in the next-generation data center and the consumer experience. We wanted to share some of our insights in a monthly wrap-up blog for our Security Connected readers.

Recently, I discussed the need for secure and robust data centers to ensure business continuity and agility. Choices made in designing architectures that don’t involve security could lead to unplanned outages and violations of SLAs. Furthermore, service outages are most often attributed to unplanned or unwanted changes or a security breach.

Data center security is quickly becoming a growing concern as recent website outages have shown a profound negative effect on the success of both SMBs and large enterprises. When it comes to the consumer experience, it’s important to note that though downtime costs can vary widely by industry, application and organization, they are estimated to be as high as $1M per hour – not an insignificant loss.

While many factors play into how website outages occur, now is the time for data center operations and security teams to work together and take steps to improve the uptime experience for their customers. Understanding and testing the scalability and performance impact of security services gives data center operations and security teams insight to manage systems more efficiently, while increasing uptime and availability.

Tips to prevent downtime

• Implementing security policies, processes and solutions that provide increased and real-time visibility and control in the data center
• Ensuring proactive threat protection and shielding against application exploits
• Establishing trust zones with control over the types of traffic allowed in order to ensure more robust data centers and mitigate unnecessary downtime

 
However, when it comes to SMBs using cloud services to cut IT costs, ensuring 99.9% uptime is not always feasible when you need to account for service provider outages.

SMBs that rely on cloud computing can adjust their security strategy, and choose providers based on their reliability and accountability when it comes to unexpected outages. Robust risk and security management programs are paramount– any size organization must be careful to ensure reliable and secure services to their end users, whether this means performing backups or ensuring disaster recovery capabilities.

The Data Center team will continue to post summaries here on the blog, and be sure to follow @McAfeeBusiness for regular updates.