The HBO hack reveals how vulnerable data is to black hats

The HBO hack is the latest in a string of high-profile hacks over the last two years (Dropbox, Yahoo!, UK Ministry of Health) where a handful of vulnerable servers were compromised and used to take down and steal information. Studies have shown the next year represent a turning point in the digitization of enterprise content. A recent Forrester study commissioned by Alfresco found the number of firms with virtually all digital content will shift from 14 percent today, to 50 percent in just two years. One of the biggest concerns those firms will face is scattered content and the security risk it poses.

Whether it’s content saved on Dropbox or locally on employee computers, many companies have already resigned themselves to the fact that their ecosystems will be penetrated at some point in time. But for most of them, their top priority will be to minimize the exposure and limit the surface area vulnerable to attack. There are three questions every company should be able to answer: Can we effectively inventory our most vital/precious/sensitive information? Can we effectively secure it? And, do we have consistent protocols that are followed and policies updated in place to ensure effective governance/data lifecycle management of these assets? The importance of being able to answer these questions easily will only continue to increase as the level of diligence on the part of the Black Hat community continues to grow.

Ankur Laroia serves as the leader of Solutions Strategy at Alfresco, a suite of digital information management systems. We sat down with him to learn more about how Alfresco is keeping businesses safe.

ADM: Explain Alfresco’s digital business platform and how it pertains to security hacks such as HBO's.

Laroia: Alfresco’s digital business platform provides an open, transparent, scalable foundation that enables enterprises large and small to inventory, curate, secure and manage their most vital asset - information and intellectual property.

ADM: How has the latest HBO hack served to shine a spotlight on data security?

Laroia: The HBO hack underscores the inevitable proliferation of digital data and - when left ungoverned - the exposure sustained by enterprises. Studies have shown the next year represent a turning point in the digitization of enterprise content. In fact, Alfresco recently commissioned a Forrester study that found the number of firms with virtually all digital content will shift from 14 percent today, to 50 percent in just two years. The same Forrester report showed that 67 percent of end users have to reference external content every time they onboard new customers or partners, address customer service requests, or manage financial or accounting processes. Scattered content, whether it’s saved in Dropbox vs. on-premises or some other non-integrated solution, poses a major security risk.

ADM: While this was "just" an entertainment hack, are you aware of other industries, such as insurance, accounting and medical, being proactive in preventing the same from happening? And if not, what would be holding them back from doing so?

Laroia: The theft and or compromising of vital information is becoming a fairly common phenomenon. This tends to be a two pronged issue, there are threats from outside the company and there are also rogue actors lurking within the organization’s firewalls. Companies that store PII (personally identifiable information) such as financial institutions as well as those that deal with patient data (hospitals, labs, health insurance companies) find themselves especially susceptible to attacks. Most have hardened their perimeter and put in infrastructure centric measures to thwart hackers from the outside, to date, little has been done to effectively inventory, secure, manage and dispose of data/information in the enterprise.

ADM: Do the ways companies protect their data change if they have employees working all around the world?

Laroia: We live in a global economy and the threats are both exponential and global. With the advent of outsourcing and offshoring, data theft/data compromise are existing risks that organizations must mitigate against. The challenges they face relate to the increasing amount of data (the 3Vs - Volume, Variety and Velocity) that proliferate across systems across the globe. Companies must adopt good information management practices along with modern technologies and platforms to effectively thwart bad actors.

ADM: Are data breaches the “new normal” for companies?

Laroia: Data breaches will happen; most CSOs or CISOs have resigned themselves to the fact that their ecosystems will be penetrated at some point in time. The offset is to minimize the exposure and limit the surface area vulnerable to attack.

ADM: Are hackers getting more sophisticated? Or are companies just not keeping up with cybersecurity?

Laroia: There are nation-states that have “elite: militarized hacking units that constantly look for vulnerabilities in closed, black box software - where the code is available for perhaps a few divisions of developers to review. The hacking methodologies as well as techniques and tooling are growing ever more complex

ADM: What are the three questions any company should be able to answer about its data security?

Laroia: Can we effectively inventory our most vital/precious/sensitive information?
Can we effectively secure it?
Do we have consistent protocols that are followed and policies updated in place to ensure effective governance/data lifecycle management of these assets?

ADM: What are the biggest issue companies will have to watch out for on the security front over the next year?

Laroia: We will see hacks more like the ones we’ve seen this year and last year (Dropbox, Yahoo, HBO, UK Ministry of Health) where a handful of vulnerable servers are compromised and then used to take down and steal information. These attacks are well planned, well orchestrated and impeccably executed. That level of diligence on the part of the black hat community will only continue to grow.

ADM: Where do you see the technology in 3-5 years in regard to preventing security breaches?

Laroia: I predict that there will be a greater emphasis on business processes/protocols that help govern information through its lifecycle coupled with investment in modern platforms such as Alfresco’s to inventory, curate, secure and manage information through its lifecycle.

About Ankur Laroia

Ankur Laroia serves as Leader - Solutions Strategy at Alfresco, where he leads, guides and directs the application of the latest Enterprise Content Management and Business Process Orchestration technologies and frameworks with respect to developing transformative strategies and models that support the use of computational technology to gain competitive efficiencies and achieve successful business outcomes. Mr. Laroia is a recognized thought leader and expert in the disciplines of business transformation and information technology (IT) strategy. Ankur has advised many of the Global 2000 with regards to Enterprise Information & Content Management, Enterprise Resource Planning, Enterprise Application Integration strategies and business architectures.