On January 29th, 2015, the health insurance
company Anthem, Inc. discovered that hackers had gained unauthorized access to
Anthem’s IT systems and that nearly 80 million records containing Personally
Identifiable Information (PII) had been stolen. The hackers used phishing attacks
to obtain the network credentials of at least five employees with high-level IT
access. Data from the attack is expected to be sold on the black market.
Anthem’s breach was the result of insufficient identity,
credential and access management, which is also a top concern in cloud
computing environments. Data breaches can occur due to the lack of scalable
identity access management systems, failure to use multifactor authentication,
weak password use, and a lack of ongoing automated rotation of cryptographic
keys, passwords and certificates (CSA, 2016). Several factors allowed the
attack on Anthem to succeed: the data was not encrypted,
too many of Anthem’s employees might have had too much access to the system,
and multifactor authentication was not deployed.
Identity systems must scale to support lifecycle
management for millions of users, including immediate de-provisioning of
accounts upon job termination or role change.
Credentials and cryptographic keys should not be embedded in
source code or contained in public-facing repositories such as GitHub. Keys
need to be well protected and rotated periodically, and a secured public key
infrastructure (PKI) should be in place to ensure proper key management.
Multifactor authentication systems such as smart cards,
one-time passwords (OTP), phone-based authentication, etc. are required in
cloud environments. In the case of legacy systems that use passwords alone, a
policy should be implemented to enforce strong password creation and define
password rotation.
Organizations planning to federate identity with a cloud
provider need to understand the security processes, infrastructure and
segmentation between customers implemented by the provider to protect the
identity platform. Organizations must consider the trade-off of centralizing
identity against the risk of having that single repository become a target of
high interest to attackers.
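
An added example, not from the original post or the CSA report: a minimal audit that applies the first three recommendations above (de-provisioning on termination or role change, key rotation, multifactor authentication) to an account inventory. The record layout, the 90-day rotation window and all sample data are assumptions constructed for illustration.

```python
from datetime import date, timedelta

MAX_KEY_AGE = timedelta(days=90)   # assumed rotation window; the post names no figure
AUDIT_DATE = date(2016, 4, 1)      # constructed "today" so the result is reproducible

# Constructed HR roster: the source of truth for who should have access, and as what.
HR_ROSTER = {
    "alice": {"status": "active", "role": "dba"},
    "bob": {"status": "terminated", "role": "sysadmin"},
    "carol": {"status": "active", "role": "analyst"},
}

# Constructed account inventory, as an identity system might export it.
ACCOUNTS = [
    {"user": "alice", "enabled": True, "mfa": False, "role": "dba", "key_created": date(2015, 11, 1)},
    {"user": "bob", "enabled": True, "mfa": True, "role": "sysadmin", "key_created": date(2016, 3, 1)},
    {"user": "carol", "enabled": True, "mfa": True, "role": "dba", "key_created": date(2016, 3, 1)},
    {"user": "dave", "enabled": False, "mfa": False, "role": "dba", "key_created": date(2014, 1, 1)},
]

def audit(accounts, roster, today):
    """Return (user, finding) pairs for every enabled account that breaks a rule."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already de-provisioned; cannot authenticate
        user, hr = acct["user"], roster.get(acct["user"])
        if hr is None or hr["status"] != "active":
            # Leaver or unknown identity still holding a live account.
            findings.append((user, "not de-provisioned"))
            continue
        if hr["role"] != acct["role"]:
            findings.append((user, "role change not applied"))
        if not acct["mfa"]:
            findings.append((user, "no MFA enrolled"))
        if today - acct["key_created"] > MAX_KEY_AGE:
            findings.append((user, "key overdue for rotation"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS, HR_ROSTER, AUDIT_DATE):
        print(f"{user}: {finding}")
```
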
Resources:
Hiltzik, M. (2015, March 6). Anthem is warning consumers about its huge data breach. Here's a translation. Retrieved from http://www.latimes.com/business/la-fi-mh-anthem-is-warning-consumers-20150306-column.html
Cloud Security Alliance. (2016, February). The Treacherous 12: Cloud Computing Top Threats in 2016. Retrieved from https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
Rashid, F. (2016, March 11). The dirty dozen: 12 cloud security threats. Retrieved from http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html