
Protection of Sensitive Data

Sandy Bacik

What constitutes sensitive data for an enterprise: paper copies of forms, faxes, employee data, insurance information, support contracts, intellectual property, or client data? How does the enterprise physically protect sensitive data in hard copy form or removable media? Locked closet, desk, or cabinet? Are there any environmental concerns with those areas? Many organizations are digitizing their hard copy files for more efficient and effective storage, but some regulations for records retention still require an organization to retain the hard copies. And many times, an enterprise will store electronic copies on removable media.

The amount of data that a staff member comes across daily can be enormous. It is not possible to protect all the data that a staff member can come across. The enterprise needs to document what constitutes sensitive data (data classification policy) and identify the level of protection required. This article discusses the physical (not logical through access control) protection of sensitive data and what to consider in the environment.

Temperature
One of the main environmental threats to equipment and sensitive data is temperature. The generally accepted, ideal temperature is between 68°F and 74°F (20°C-24°C) for storage of electrical equipment and paper. Excessive heat degrades network performance and causes downtime. As the temperature increases, a heat sink fan works harder to cool the central processing unit (CPU). Continuous overworking causes the fan to fail, leading to equipment overheating. A machine shuts down when it reaches an unsafe temperature in order to prevent permanent damage. When that happens, an administrator must then be located, day or night, go to the machine, and reboot it after it has cooled. Consequently, services hosted by a down machine are unavailable until it is restarted, which can take minutes or hours. If the services are critical, revenues can be lost, users cannot log in, and communications are interrupted. If the equipment shutdown is not done properly, data can be lost.

Excessive heat and rapid temperature changes damage equipment. Together, heat and moisture accelerate the breakdown of materials used in microchips, motherboards, and hard drives, which ages equipment more rapidly. Heat-damaged equipment must be replaced, increasing the cost of network maintenance. Controlling temperature is becoming more important and more difficult because of changes in equipment design and greater use of network services. As old equipment is replaced with new equipment, that new equipment has more power and cooling requirements because it runs faster and hotter. New equipment also has smaller and more condensed circuit boards, which trap heat in a smaller space. The smaller, more efficient equipment is then packed tighter. The increased density increases the amount of heat dissipated within the rack and data center. Increased network usage also increases heat, so as usage levels change during the day, so does the temperature and the need for cooling. For networks that operate near capacity 24 hours a day, every day of the year, there is little, if any, time for machines to cool down.

Strong temperature controls that include training, monitoring, and testing the temperature devices will ensure that equipment will have longevity in the production environment.

Humidity
Another main environmental threat to network equipment and sensitive data is humidity. Temperature and humidity have been shown to be interdependent. Humidity, too much dampness or moisture in the air, can cause water damage to electronics, paper, and computer equipment. Humidity can be natural or man-made. Rapid temperature increases can increase humidity, while rapid drops can cause water in humid air to condense on equipment. Some causes for high humidity are a mixture of hot and cold air, leaky pipes, and an increase of water used in day-to-day activities. The relative humidity should be between 40% and 50%.

High humidity levels can produce condensation problems within a data center and other office storage areas. Condensation occurs when humidity levels are too high or when there is a rapid temperature drop and then the enterprise can potentially have water running along pipes. Condensation inside equipment can cause rust, short circuits, or deposits of dirt and minerals that ruin equipment.

Like temperature control, a companion humidity control program that includes training, monitoring, and testing of the devices will help ensure that equipment will continue to have longevity in the production environment.

Hard Copy Deterioration
Where there is moisture due to high humidity, there can be biological growths such as molds or fungi, as well as insect and rodent infestations. Biological agents attack paper and other organic materials when both temperature and humidity are not regulated properly. Mold spores and fungi can remain suspended in the air until they find suitable conditions for growth. Mold and fungi can result in the staining and deterioration of organic materials. Mold and fungi commonly grow more readily on items that are tightly packed and have stagnant pockets of moist air.

In addition to high temperature and humidity, staff's cleaning negligence can favor mold and fungi, as well as the growth and proliferation of insects. This negligence can result in the following:

  • Accumulations of dirt and dust from poor or careless housekeeping practices on materials and electronics
  • Trails of foodstuff in storage and exhibit areas due to staff leaving items behind
  • Opening or closing of air vents or poorly sealed windows and doors
  • Poor ventilation in and around the materials and equipment

Rodents and insects can be some of the worst enemies of books and other organic materials. Insects are attracted to the proteins and carbohydrates in the form of paste, starches, or other organic substances. Damage can vary from a few markings and holes to complete destruction.

Light
Another cause of deterioration of sensitive data can be light. The types of materials that are subject to damage by light are pigments and dyestuff, including inks, paper, and other cellulose materials, and various other organic materials holding copies of sensitive data. Inks and dyestuff fade when exposed to light. Unfortunately, coloring in pictures and forms fades selectively, some colors disappearing while others remain unchanged, which means that the color relationships of hard copies can be distorted.

Serious paper deterioration is caused by cellulose oxidation that comes through ultraviolet rays (like sunlight) and fluorescent light. Two changes affect hard copies: embrittlement and deterioration. Embrittlement is paper whitening and color fading of certain inks and paper. Deterioration is the oxygenation that occurs when paper reacts to the air and turns yellow or brownish, like old newspapers you might find in an attic or basement. One other point about light damage: paper continues to degrade after the light source has been removed.

Data-in-Motion and Data-at-Rest
With sensitive data there are two types of data that may need encryption: data-in-motion and data-at-rest. Data-in-motion is data that is in transit between two points or data in transmission. Data-in-motion comprises data moving over LANs, WANs, the Internet, etc. Data-in-motion can also be in motion when stored on removable media and being transported to another location. Data-at-rest is the data at the endpoints of transmission. This can be data stored in applications, databases, files, etc. One thing to remember is that the encryption of data-in-motion does not necessarily protect data-at-rest.

Where and when should sensitive data be encrypted? Possibly, all the time, depending upon the regulations and enterprise standards. When the decision to encrypt is made, the data owner and system owner need to decide where and how to implement encryption. While the author cannot recommend specific encryption software or methods, the enterprise, data owner, and system owner should document business requirements for encryption. Some of the business requirements should consider the following:

  • Risks of sensitive data disclosure
  • Amount of sensitive data
  • Frequency of sensitive data changes
  • Cost of the encryption and storage solution
  • Burden of the maintenance of the encryption and storage on staff

Destruction of Sensitive Data
When sensitive data has come to the end of its useful life, is in surplus, or needs to be destroyed per a records retention standard, methods and processes need to be in place. If the sensitive data is stored on media, then methods and processes need to be in place for media destruction or reuse.

The most common methods of destroying paper media are individual shredders, shred bins, and confidential destruction bins. Many times, individual departments will purchase shredders because they work with sensitive data on a daily basis. Should an enterprise determine the need for multiple shred and confidential destruction bins with contracted services, the enterprise needs to understand the use of the bins, and contracted third parties need to meet the enterprise's needs. If an enterprise contracts services for destruction of paper contained in bins, on at least an annual basis the enterprise should test or follow the contracted services to ensure the paper is stored and destroyed per contract requirements.

Many times, certain departments will store sensitive data on removable media. Removable media is one of the hardest things to control within an enterprise, because it can accidentally disappear and never be found, or it can walk off enterprise premises and be used for another enterprise's competitive advantage. Things like a USB drive can be reused many times; therefore, an enterprise needs to have standards on how to reuse removable media. Depending on the removable media, physical destruction can include crushing, shredding, incinerating, or otherwise rendering the physical media unusable. If the media is to be reused, then processes need to be in place to eliminate the original data from the removable media, such as low-level formatting or completely overwriting the data.

Current Monitoring Practices
In a typical business, three groups monitor the environment: system and network administrators, security personnel, and facility maintenance employees. Network administrators often rely on a single thermometer and subjective notions about "comfort" to control the temperature of server rooms and data centers. In addition, security personnel and facility maintenance departments monitor areas outside of the server rooms and also check the environmental controls within the data center on a "regular basis." This "regular basis" should be at least daily, yet, many times, is only quarterly or when there is a reported problem. These three groups usually attempt to coordinate their efforts, but each maintains separate systems, practices, and habits. Ultimately, system and network administrators are primarily responsible for protecting hardware. This approach has the following weaknesses:

  • Staff are not trained to recognize all threats: Damage caused by the environment can be subtle or attributed to other causes. Accelerated equipment aging due to heat or condensation occurs over years and is often written off as a natural process; i.e., "equipment just wears out." Condensation, rust, and heat damage are usually hidden inside machines, out of sight.
  • Nonstandard (inconsistent) processes for all staff: The room thermometers are checked only when the environment feels too hot or cold. Unfortunately, the sense of a "comfortable" temperature and humidity level varies from person to person.
  • No 7 × 24 × 365 monitoring activities: Environmental threats can occur 24 hours a day, every day of the year. Staff is not always in the data center, especially on nights and weekends. Depending on staffing levels and schedules, server room environments can be unmonitored up to 65% of the time during an average week.
  • It is not my job: Another gap can occur because of shared responsibilities. Facilities might be monitoring for water leaks and flooding, but they rely on system and network administrators and security personnel to review every time they enter the data center. Frequently, one person will not look, because they think someone else is doing it. Or someone will see something and report it to the wrong person. The vulnerabilities develop and potential problems are never investigated until it is too late.
  • No automated environmental tracking: Temperature and humidity levels constantly change. Without condition logging, an administrator cannot identify changes through trending metrics. Therefore, these problems continue for days or months, while time and money are wasted investigating false causes and solutions.
  • Staff have so many daily duties, they only focus on catastrophes, not daily problems: Enterprises want to avoid catastrophes, but they do little to protect from threats that slowly damage hardware or promote preventative maintenance, such as detecting gradual temperature increases that indicate a need to clean fans or air filters.

An effective server environment monitoring system addresses the weaknesses in the current practice of having personnel monitor the environment. Enterprises need a combination of manual and automated monitoring to protect all sensitive data.
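The automated tracking described above can be sketched as a small log analyzer. This is an added example, not part of the original article: it checks readings against the temperature and humidity ranges the article states and also looks for the slow upward drift that fixed range alerts miss. The drift and rapid-drop thresholds, the tuple layout, and the sample logs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

TEMP_F = (68.0, 74.0)    # ideal temperature range stated in the article (deg F)
RH_PCT = (40.0, 50.0)    # relative humidity range stated in the article (%)
DRIFT_F_PER_DAY = 0.5    # assumed: sustained rise that warrants a fan/filter check
RAPID_DROP_F = 5.0       # assumed: drop between readings that risks condensation

def slope_per_day(readings):
    """Least-squares slope of temperature over time, in deg F per day."""
    t0 = readings[0][0]
    xs = [(ts - t0).total_seconds() / 86400 for ts, _, _ in readings]
    ys = [temp for _, temp, _ in readings]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    den = sum((x - mx) ** 2 for x in xs)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / den if den else 0.0

def analyze(readings):
    """Check a time-ordered log of (timestamp, temp_f, rh_pct) tuples.

    Returns (timestamp, code, detail) findings: range violations, rapid
    temperature drops, and a slow upward drift across the whole window.
    """
    findings, prev = [], None
    for ts, temp, rh in readings:
        if not TEMP_F[0] <= temp <= TEMP_F[1]:
            findings.append((ts, "TEMP_RANGE", f"{temp:.1f}F"))
        if not RH_PCT[0] <= rh <= RH_PCT[1]:
            findings.append((ts, "RH_RANGE", f"{rh:.0f}%"))
        if prev is not None and prev - temp >= RAPID_DROP_F:
            findings.append((ts, "RAPID_DROP", f"{prev - temp:.1f}F since last reading"))
        prev = temp
    if len(readings) >= 2:
        drift = slope_per_day(readings)
        if drift >= DRIFT_F_PER_DAY:
            findings.append((readings[-1][0], "DRIFT", f"+{drift:.2f}F/day"))
    return findings

# Constructed sample: four days of six-hourly readings that never leave the
# ideal ranges but climb 0.2F each time, as with a clogging air filter.
START = datetime(2011, 1, 3)
SLOW_RISE = [(START + timedelta(hours=6 * i), 70.0 + 0.2 * i, 45.0) for i in range(16)]
# Constructed sample: an unattended overnight HVAC fault.
NIGHT_EVENT = [(START, 72.0, 45.0), (START + timedelta(hours=1), 66.0, 57.0)]

if __name__ == "__main__":
    for name, log in (("slow rise", SLOW_RISE), ("night event", NIGHT_EVENT)):
        for ts, code, detail in analyze(log):
            print(f"{name}: {ts:%Y-%m-%d %H:%M} {code} {detail}")
```

The slow-rise log produces only a drift finding, since every individual reading is still inside the ideal ranges; a staff member glancing at the thermometer would see nothing wrong.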

Conclusion
Any changes to environmental conditions anywhere sensitive data is stored can impact its future use and potentially damage the recovery of that sensitive data. Environmental monitoring includes temperature, lighting, humidity, airflow, and cleanliness. To start, a sensitive data policy should be created. Regular controls for environmental conditions include:

  • Changing filters
  • HVAC maintenance
  • UPS maintenance and testing
  • Maintenance and testing of environmental controls
  • Proper and thorough cleaning

Manual and automated environmental monitoring of sensitive data can provide the following benefits:

  • Control equipment maintenance costs: In a stable environment, equipment lasts longer, and less equipment is damaged and needs to be replaced. Sometimes, the savings from not having to replace equipment can pay for the cost of the monitoring system.
  • Longer lead time to fix a small problem: Early warnings permit staff to respond to an issue before it becomes a disaster.
  • Reduced production downtime: Hardware used in good consistent environmental conditions operates more efficiently and effectively, reducing the number of outages.
  • Environmental data logs for trending analysis: Reporting and monitoring the environmental log data ensures stable conditions and also makes available more data when an investigation is required.


About the Author
Sandy Bacik, CISSP, ISSMP, CISM, CHS-III, has over 22 years of experience in information security and various information technology positions.

This article is from Information Security Management Handbook, Sixth Edition, Volume 4

 


© Copyright 2011 Auerbach Publications