Improper exposure of corporate secrets or assets is a problem that every company should be concerned with, regardless of its size. Managers should be on the lookout for any areas where confidential information could be intentionally or unintentionally exposed. They should also be continuously updating security strategies and asking the question, “Is our strategy focused on protecting against yesterday’s threats?”
Our staff just returned from the RSA 2014 Conference in San Francisco. It was a great opportunity to see new technologies that enable companies to proactively adjust to the new advanced threats that target the theft of confidential information. There were a number of companies with enhanced technologies that focus on network monitoring and optimization. The one common component of these applications is the availability of extensive reporting on network topologies and performance. The level of detail is impressive and can be a tremendous asset to manage, optimize and secure corporate networks.
The reports can also be lethal if they get into the wrong hands! Each of the applications that we saw had the ability to output a complete inventory of network components and configurations. The reports are generally created in either MS-Excel or PDF formats. I asked the representatives if a third-party contractor or internal staff with administrative credentials generates a report, could it be emailed or shared with anyone inside or outside the company? The general response, “not a problem!” Oh really?
If your network infrastructure were exposed, what would be the impact on your organization? I was surprised that not one of the companies that I spoke with gave a second thought to the potential security problem with this level of unfettered access to such important information!
A remedy to this problem is to apply a persistent security policy and encrypt all files generated by this type of application. Persistent security permits only authorized staff to access and open files. The policy allows the company to manage the file regardless of its location and reduces the risk of unauthorized third parties gaining access to your network.
File-based passwords will not protect your company from this potential threat!
Photo credit NASA Goddard Space Flight Center