Data integrity is one of the most underappreciated components of cybersecurity. In fact, I can confidently say that not many individuals would even characterize data integrity as a component of cybersecurity. Information lifecycle management – sure, but even there it is often relegated to an afterthought or an ancillary part of a data management plan. Googling “data integrity” fails to yield many (okay, any) results regarding cybersecurity. The reason for this is simple – it stems from a lack of innovative thinking about what data integrity can provide.
Let’s start with a basic understanding of what data integrity is, and what it is not. Data integrity is the assurance that the data that was created, stored, and used is accurate, complete, and consistent with what it is known to be. It has nothing to do with the traditional views of access controls, anomaly detection, or any other standard security framework, but it should. To better illustrate this point, look at two use cases:
Log File Assurance – Application log files should never be altered, but that is exactly what happens in many data breaches. It is what allows bad actors to reside on networks for so long, moving horizontally and vertically, finally extracting sensitive data over extended periods of time. The alteration of log files not only slows down the detection and response, but it significantly increases the expense of remediation. How do you know what was accessed if the logs have been altered? The costs of investigating the breach, settling fines and damages, and reputational harm that lasts years all add to the cost of a breach. So, how does data integrity solve this…
Imagine if your native log files had an immutable digital twin housed with a third party – making them unalterable by the bad actors on your network. Periodically, you could compare the native logs to the immutable twins to determine if any alterations have occurred. Remember, there is no legitimate reason to alter a log file. If they don’t match, you immediately know something is wrong and can activate your incident response plan, limiting dwell time and damage. Moving into the assessment, the immutable digital twin provides a clear, unaltered picture of what the bad actors accomplished. This will significantly reduce the investigative costs (and time), fines, and damages that result from a breach, while the speed and certainty it brings to the response can save your reputation.
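The periodic comparison described above can be sketched as follows. This is an added example, not code from Covax Data. It simplifies the twin to a list of chained SHA-256 digests, which is enough to detect and locate an alteration but not to reconstruct the original lines. The function names, the `GENESIS` value and the sample log lines are assumptions made for illustration, and the twin's immutability is taken as given.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain

def chain_digests(lines):
    """One SHA-256 digest per line; each covers that line and all lines before it."""
    prev, digests = GENESIS, []
    for line in lines:
        prev = hashlib.sha256(prev + line.encode("utf-8")).digest()
        digests.append(prev)
    return digests

def check_log(native_lines, twin_digests):
    """Compare the native log with the digests held by the third party.

    Returns (status, line_no, pending): line_no is the 1-based first line that
    is altered or missing; pending counts native lines not yet in the twin.
    """
    native = chain_digests(native_lines)
    for i, (n, t) in enumerate(zip(native, twin_digests), start=1):
        if n != t:
            return ("altered", i, 0)       # edit, insertion or mid-file deletion
    if len(native) < len(twin_digests):
        return ("truncated", len(native) + 1, 0)  # tail of the log was removed
    return ("match", None, len(native) - len(twin_digests))

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z sshd login ok user=alice src=10.0.0.5",
    "2024-05-01T10:02:14Z sudo user=alice cmd=/usr/bin/id",
    "2024-05-01T10:03:40Z sshd login ok user=svc-backup src=10.0.0.9",
    "2024-05-01T10:04:02Z app export table=customers rows=50000",
]
TWIN = chain_digests(SAMPLE_LOG)  # what the third party would hold

if __name__ == "__main__":
    print(check_log(SAMPLE_LOG, TWIN))                       # untouched log
    print(check_log(SAMPLE_LOG[:2] + SAMPLE_LOG[3:], TWIN))  # line 3 deleted
    print(check_log(SAMPLE_LOG[:3], TWIN))                   # last line removed
```

Because each digest depends on every earlier line, the reported line number marks where the native log first diverges from the twin, which is the starting point for the investigation.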
Software and Firmware Supply Chain Security – Unfortunately, as we get better and better at protecting the network and devices, bad actors simply shift the attack vector. We saw, in fairly rapid succession, three large-scale software supply chain incidents that impacted hundreds of thousands of companies and millions of users. In these cases, it was a combination of things that led to the attack, but in all of these cases software was weaponized against the individuals that trusted it. Here, the case for data integrity is more straightforward:
Whether software is one hundred percent proprietary or, like most, utilizes open source code and libraries, publishers should have internal controls in place to vet the platform before it is released. Unfortunately, once it is released, it is out of the publisher’s full control, and this is where bad actors have inserted themselves. It has been clearly demonstrated that not only can bad actors alter software code and libraries, they can often do so with the unwitting help of your customer. This is where data integrity comes in. By ensuring the code that is being executed by each machine is what was intended by the publisher, malicious updates and changes can be exposed and shut down before causing any damage.
Hopefully this high-level overview has helped you begin to see how something as simple as data integrity can provide so much value. This raises the next question – what is the best way to ensure data integrity? At Covax Data we see the clear answer as high-performance blockchain. Over the coming weeks we will dig deeper into this use of blockchain, how ours is different, and how it can be used to solve other ongoing threats. If you don’t want to wait, please contact us to start a conversation.