Ask any personal trainer what to focus on most and they’ll tell you: “Strengthen your core.” That’s because when the muscles of the lower back, hips and abdomen are working in harmony, the body has greater balance and stability. Strong core muscles make it easier to do many of life’s daily activities.
In business, having a strong digital core is important, too; in fact, it’s essential. Your digital core represents the critical systems that keep your business operating: your business processes, data and transactions.
If your physical core is weak, your balance gets thrown off and it’s easier to injure your back. If your digital core is weak, what gets thrown off is your organization’s ability to maintain operations, serve customers and generate revenue. You need to protect your digital core by strengthening it with better security practices.
Components of the Core
The components of your digital core are things like gateways, servers, load balancers, data storage and network devices – the many tiers of your production systems. In light of the symbiotic, dependent relationship of these functions (similar to a person’s core muscles), disruption or outright failure at any tier would threaten to paralyze the entire digital core.
For example, if your gateway or API server were to be compromised or shut down unexpectedly, or your third-party data suppliers’ system were to stop functioning, then the applications that have dependencies upon those APIs would also fail. Therefore, these third parties should be included within your digital core.
A recent example from the financial services industry helps illustrate the point. A credit card company was offering an innovative promotion with the goal of extending the desirability of their brand to important new demographics.
The program was a raving success – that is, until the CEO started receiving angry letters and emails. It turns out that blocks of users were prevented from taking advantage of the promotion without any explanation.
Before this angry feedback, the company had no idea there was any problem. The IT department took about a week to track down the root cause of the failure, which turned out to be an API call to a tax table supplied by a third party.
Needless to say, the negative customer experience, combined with the bad press the failure attracted, greatly undermined the goodwill the promotion was meant to build. The moral of the story: your digital core extends beyond your physical data center.
The digital core must be protected within all tiers, and building in redundancies is part of that process. Security professionals agree that there is no such thing as one silver bullet for defense. Instead, a comprehensive defense-in-depth strategy is strongly advocated.
Although most businesses do a decent job of defending applications using defense-in-depth principles, they often fall woefully short in applying those same principles across the full extent of their digital core.
Here’s an example of that shortfall. Organizations often have little visibility into the root-level and control-plane access credentials (SSH keys, RDP logins) residing across their digital core. That’s like locking the front door but leaving the back door unlocked.
In this day and age, it’s only prudent to assume that bad actors are checking all doors to gain access. In fact, evidence suggests that these unmanaged and unmonitored back doors are the principal targets of bad actors, both internal and external. Therefore, IT security professionals must take care to apply defense-in-depth principles across all tiers of the digital core, both on premises and in the cloud.
Steps for Strengthening Your Digital Core Security
- Make a diagram of all the elements of your digital core. Include API and cloud dependencies. Start with your network and map it all back to your databases. For this exercise, it is best to use a large whiteboard with lots of space.
- Catalog all the existing access to your digital core. And then keep going; understand the process of granting new access. How is that process controlled? How can this process be bypassed? If it is bypassed, how would you know?
- Delete old, unused or low-encryption access credentials across your entire environment.
- Decrypt traffic and feed it into your other security tools for inspection: SIEM, DLP, anti-malware, anti-virus, etc.
- Deploy multi-factor authentication for all privileged access.
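As an added example (not from the original post), here is a small Python inventory of an SSH authorized_keys file that flags the kind of old and low-encryption credentials the cataloguing and clean-up steps above call for: legacy DSA keys and RSA keys with a modulus under 2048 bits. The policy threshold, the legacy-type list and the sample authorized_keys entries are assumptions constructed for the demo.

```python
import base64
import struct
MIN_RSA_BITS = 2048         # policy floor assumed for this example
LEGACY_TYPES = {"ssh-dss"}  # DSA keys are fixed at 1024 bits and disabled by default in modern OpenSSH

def _ssh_string(data: bytes) -> bytes:  # SSH wire-format string: uint32 big-endian length, then bytes
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(n: int) -> bytes:  # SSH mpint; the extra leading byte keeps the sign bit clear
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _fields(blob: bytes):  # yield the length-prefixed fields of a decoded key blob, in order
    pos = 0
    while pos + 4 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        yield blob[pos + 4:pos + 4 + length]
        pos += 4 + length

def assess_authorized_key(line: str) -> dict:
    """Classify one authorized_keys line; 'finding' is None when the key meets policy."""
    tokens = line.split()
    # A line may begin with options such as from="10.0.0.0/8",no-pty; the key type follows them.
    idx = next(i for i, tok in enumerate(tokens) if tok.startswith(("ssh-", "ecdsa-", "sk-")))
    key_type, comment = tokens[idx], " ".join(tokens[idx + 2:])
    parts = list(_fields(base64.b64decode(tokens[idx + 1])))
    # ssh-rsa blobs are: string "ssh-rsa", mpint e, mpint n; the modulus size is what matters.
    bits = int.from_bytes(parts[2], "big").bit_length() if key_type == "ssh-rsa" else None
    finding = None
    if key_type in LEGACY_TYPES:
        finding = f"legacy key type {key_type}"
    elif bits is not None and bits < MIN_RSA_BITS:
        finding = f"RSA modulus only {bits} bits"
    return {"type": key_type, "bits": bits, "comment": comment, "finding": finding}

def inventory(lines) -> list:
    """Assess every key line (blank and '#' lines skipped) and return those with a finding."""
    keys = [assess_authorized_key(ln) for ln in lines if ln.strip() and not ln.lstrip().startswith("#")]
    return [k for k in keys if k["finding"]]

def _fake_blob(key_type: bytes, *mpints: int) -> str:  # right wire layout, dummy numbers: not a usable key
    return base64.b64encode(_ssh_string(key_type) + b"".join(_ssh_mpint(m) for m in mpints)).decode()

# Constructed sample authorized_keys content for the demo; none of these are real keys.
SAMPLE_AUTHORIZED_KEYS = [
    "# deploy keys",
    "ssh-rsa " + _fake_blob(b"ssh-rsa", 65537, (1 << 1023) | 1) + " legacy-deploy@build01",
    'from="10.0.0.0/8",no-pty ssh-rsa ' + _fake_blob(b"ssh-rsa", 65537, (1 << 4095) | 1) + " ops@bastion",
    "ssh-dss " + _fake_blob(b"ssh-dss", 1 << 1023, 1 << 159, 2, 3) + " old-backup@nas",
    "ssh-ed25519 " + base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(b"\x01" * 32)).decode() + " alice@laptop",
]
```

Running `inventory()` over the real files under each account's `~/.ssh/` gives a per-host list of keys to rotate or delete, and the comment field is usually the only clue to who owns a key.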
Don’t set yourself up for failure at the core of your business. Instead, establish a strong security strategy that protects all the tiers within your digital core. The steps listed above will help you extend security where it’s needed most so your enterprise stays up and running.