I took a week off blogging last week but the lazy days were inundated by bad news. A few more devastating ransomware attacks. This time, Colonial Pipeline in the US was hacked and its networks were shut down by ransomware. These ransomware threats are never ending, and they are getting more damaging than ever. It is like trying to plug a leaking boat with your hands, and more leaks appear as you plug them.
More ransomware news hitting healthcare around the world last week:
- [ May 15, 2021 ] Ireland’s health service hit by ‘significant’ ransomware attack
- [ May 20, 2021 ] Irish hospitals are latest to be hit by ransomware attacks
- [ May 19, 2021 ] Ransomware attacks hit AXA’s Asia unit, New Zealand health provider
- [ May 20, 2021 ] Ransomware attacks are spiking. Is your company prepared?
- [ May 20, 2021 ] RansomCloud: It’s new, it’s here now and it’s coming to a server near you
We are forever chasing a solution and forever losing, because almost all technology defenses that protect data against ransomware are reactive. Why is ransomware still such a big threat then? Time to rethink file security fundamentals.
Threat-centric methods are failing
I am no cybersecurity expert. It is not my forte but I am learning about it. But in the many cybersecurity measures and technologies I have seen so far, the methods are mostly reactive. From the storage point of view, where the files are stored and shared, many vendors claim to recover malware- and ransomware-infected files from snapshot and backup copies. That is one line of defense but the recovery is activated after the ransomware has been discovered.
Of course there are xDR (anything Detection and Response) technologies in the industry that do the proactive part and scan the networks and the folders for infected or potentially infected files. But again, the trigger points are still threat-centric, focusing on the threat.
Fortify the Data
I am a proponent of this concept called Data Personality, something I wrote about back in 2019. Files and folders are the mainstay of all businesses and sharing files is work. But NAS (network attached storage) has been the easy target for most ransomware attackers, because there is a vague line between ease of sharing and securing the shared files. How much can you trust the shared files and folders?
Furthermore, with the workplace boundaries going beyond the secure company’s network into the clouds and the mobile edge, exacerbated by the work from home new norm, it is not a surprise that the boat is springing leaks faster than we can patch them.
The creation of files (and with them, folders) creates metadata. Fundamentally, we should be thinking about how we can leverage this natural occurrence of metadata to fortify the data, to fortify the files. Part of that concept has already been mentioned in my Datanemic blog a few weeks back. I continue to do my learning and research about iRODS (Integrated Rule-Oriented Data System), an open-source middleware data management software with a strong potential to change the files and folders that the users consume in a fundamentally secure way.
Storage structure encryption
There are so many technologies today that encrypt data, both at rest and in flight. Security measures for storage structures, physical, logical and virtual, are aplenty. iXsystems™ TrueNAS® Enterprise has self-encrypting drives, zpool encryption, dataset encryption, KMIP (Key Management Interoperability Protocol) support and more. Then there are block-level encryption, file-level encryption, et al.
I am pretty sure all other enterprise storage vendors have done plenty to apply encryption at the storage structure layers. The same goes for networking and compute vendors as well.
But storage structure encryption, including file-level encryption, is just one weapon in the armoury. We still need to look at a transformational and fundamental change to fortify the security of files at birth and at source.
Revamping File System Architecture
Including security (beyond basic file permissions and access controls) and data management in files and folders would likely require an upheaval of how file systems are designed and architected today. The mature file systems in use today are 10 years old or more. Therefore having a file system designed and developed to include security and data personalities in files will take a very long time. By then, the ransomware scourge would have run amok.
Metadata Injection
The other obvious method is injecting the files with metadata. In this case, it has to be metadata that can be used to strengthen the security of files at their foundation, fundamentally at their inception. This is already a common practice in the ETL (Extract, Transform, Load) process before the data from various sources are loaded into the data warehouse.
This method is already in use with iRODS and it is called Automated Ingest Filesystem Scanner.
This is where the custom metadata injection can become an even stronger weapon by augmenting the security of files at the foundational level.
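To make the idea concrete, here is an added sketch (not iRODS code and not from the original post) of ingest-time metadata injection used as a security check: each file gets a hash, a byte-entropy value and an owner recorded when it is first seen, and a later audit compares the file against that record. The in-memory `catalog` dict stands in for a metadata catalog, and all function and field names are hypothetical.

```python
import hashlib, math, os, tempfile, time
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (ciphertext is close to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def read(path):
    with open(path, "rb") as f:
        return f.read()

def ingest(root, catalog, owner):
    """Record security metadata for every file under root not yet in the catalog."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if path not in catalog:
                data = read(path)
                catalog[path] = {"sha256": hashlib.sha256(data).hexdigest(),
                                 "entropy": entropy(data), "owner": owner,
                                 "ingested_at": time.time()}
    return catalog

def audit(catalog, jump=2.0):
    """Compare files with their ingest-time metadata and return {path: finding}."""
    findings = {}
    for path, meta in catalog.items():
        if not os.path.exists(path):
            findings[path] = "missing"  # deleted or renamed since ingest
            continue
        data = read(path)
        if hashlib.sha256(data).hexdigest() != meta["sha256"]:
            rise = entropy(data) - meta["entropy"]
            findings[path] = "modified-high-entropy" if rise >= jump else "modified"
    return findings

def demo():
    """Constructed sample: four text files, then three kinds of change."""
    with tempfile.TemporaryDirectory() as root:
        paths = {n: os.path.join(root, n)
                 for n in ("report.txt", "notes.txt", "plan.txt", "old.txt")}
        for p in paths.values():
            with open(p, "wb") as f:
                f.write(b"Quarterly summary for the finance team.\n" * 50)
        catalog = ingest(root, {}, owner="finance")
        with open(paths["report.txt"], "wb") as f:
            f.write(bytes(range(256)) * 16)  # uniform bytes stand in for ciphertext
        with open(paths["notes.txt"], "ab") as f:
            f.write(b"one more line\n")      # ordinary edit
        os.rename(paths["old.txt"], paths["old.txt"] + ".locked")
        return {os.path.basename(p): finding for p, finding in audit(catalog).items()}

if __name__ == "__main__":
    print(demo())
```

The audit separates an ordinary edit from a rewrite whose entropy jumps toward 8 bits per byte, which is the signature of bulk encryption, and it flags catalogued files that have disappeared or been renamed.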
Recommendations
What I have suggested here are merely recommendations, but something that could change how the data personality can be fundamentally conceived with security enforcement built-in. Will it win in the battle against ransomware and forms of hacking?
It is hard to say but what I have been seeing is the security methods are going deeper and deeper into the technology of the data and files. And at the same time, vulnerabilities continue to surface with ransomware leading the rest in terms of breaches and extortion. Time to rethink file security fundamentals.