Recently, the Justice Department of the United States has prosecuted five Chinese military officials for hacking several U.S. companies’ computers to access trade secrets. Huge and established companies such as U.S. Steel Corporation, Westinghouse Electric Company, and Alcoa Inc. were just some of the many victims of the alleged Chinese hackers.
This news may not be new for some, as hacking cases have been widely reported in the media over the past few years. Not all of the hacking cases were the work of outsiders, though. Some data, including the diplomatic cables found in Wikileaks, were obtained by Chelsea Manning, a U.S. Army soldier stationed in Iraq, an insider with access to classified material.
One would assume that security within the three prominent companies mentioned was unbreakable. Or were the hackers good enough to hack any company regardless of its security? As for Manning, why was access to confidential data granted when it should not have been?
Some companies, because of their rapid growth, may be guilty of not enforcing strict and updated security measures to protect their data. Especially for large companies utilizing private clouds, strict measures should be followed to ensure data are protected from external threats.
But how can you avoid being hacked? Having the right security infrastructure is the first step. However, you have to make sure that it meets all your requirements. Here are some features that you would want to see in a system to keep your data intact and secure:
1. Take encryption seriously. It is said that it takes about a week to crack 40-bit encryption by brute force. To break 128-bit encryption by brute force, one would have to resort to impossible means, like developing a CPU that can test 1 billion keys per second. 128-bit document encryption may be enough, but there are systems like Enadoc, which uses 256-bit AES encryption for added protection.
AES is the Advanced Encryption Standard, which was established by the U.S. National Institute of Standards and Technology (NIST) in 2001. A 256-bit key means there are 2^256 possible key combinations to try, as opposed to a 128-bit key, which entails 2^128 possible combinations.
2. Ensure that information in documents is seen only by the right set of people. Manning had access to a huge bulk of data marked top secret, being one of the three million U.S. government personnel who had access to documents marked as Sipdis, or secret internet protocol distribution, within the closed U.S. SIPRNet.
How could this have been prevented? If document redaction and security levels had been applied to these documents, Manning would not have been able to leak, much less access, them. Document redaction blacks out certain parts of a document depending on the security level, while security levels are assigned to each document so that individuals without the right security level cannot access the document at all.
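The two controls described above, sketched as an added example (not from the original article and not Enadoc's code). The level names, classes and sample document are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical clearance ladder (assumed names, not from the article).
LEVELS = {"public": 0, "internal": 1, "secret": 2, "top_secret": 3}
# Fixed-width marker, so the length of the hidden text is not revealed.
REDACTED = "\u2588" * 8

@dataclass(frozen=True)
class Section:
    level: str  # minimum clearance needed to read this part
    text: str

@dataclass(frozen=True)
class Document:
    title: str
    level: str  # document-wide security level: the gate for any access
    sections: tuple

class AccessDenied(Exception):
    """Reader's clearance is below the document's security level."""

def rank(level):
    # Fail closed: an unknown label raises instead of mapping to a default.
    try:
        return LEVELS[level]
    except KeyError:
        raise ValueError(f"unknown security level: {level!r}") from None

def render(doc, clearance):
    """Return the document text as a reader with `clearance` may see it."""
    have = rank(clearance)
    # Security level: below the document's level, nothing is returned.
    if have < rank(doc.level):
        raise AccessDenied(f"{clearance!r} may not open {doc.title!r}")
    # Redaction: parts above the reader's clearance are blacked out.
    return "\n".join(
        s.text if rank(s.level) <= have else REDACTED for s in doc.sections
    )

# Constructed sample document with mixed-sensitivity sections.
CABLE = Document("Cable 0001", "internal", (
    Section("internal", "Meeting held on schedule."),
    Section("secret", "Source: embassy contact."),
    Section("top_secret", "Asset identity withheld."),
))

if __name__ == "__main__":
    print(render(CABLE, "secret"))
```

The check runs where the document is served, so a reader with insufficient clearance never receives the protected text.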
3. Trust in the security of some public clouds. Sometimes, it’s better to trust in the public cloud’s security rather than building your own private cloud with your own preferences. Aside from the fact that a private cloud would cost you more money, you need the right experts to ensure that it is secure.
Microsoft and Amazon are two established companies that have been offering secure public cloud environments. Both have redundant server infrastructure, which means that the data are mirrored in different locations, ensuring that there will be zero downtime. Furthermore, both clouds are encrypted, and their experience in providing this service ensures little to zero security vulnerabilities.
Fortunately, Enadoc utilizes all three techniques to keep your data secure. For more information, please contact us to request a presentation or a quotation.