There was an article in Security Products recently that discussed Situational Awareness in a maritime environment. Due to the extreme number of ships both commercial and military that are on the seas at any one time, it is imperative that you have a way to quickly identify the target, assess the threat level, and act accordingly. Boarding every ship before it comes into port is just not a viable alternative.
Wikipedia defines Situational Awareness as the perception of environmental elements with respect to time and/or space, the comprehension of their meaning, and the projection of their status after some variable has changed, such as time. What this really means is that your actions are no longer black and white. You now have a conditional environment on which to act, and if something changes, so too will your action or reaction to the situation. It’s about WHO / WHAT/ WHEN /WHERE.
The number of sensors, both quantity and types, is enormous. Being able to collect all that data and to put it into a Situational Awareness Management System (SAMS) is the key to being able to effectively manage any potential threat that may be there. And as was previously stated, boarding every ship is not an effective way to manage this effort, so SAMS needs to help identify the level of risk before action is taken. Any slight change in the environment can change the level of threat at any time, so maintaining and monitoring from a real time perspective is the key.
Now let’s look at situational awareness from another perspective. If identifying a threat is the goal, then just protecting the border is not enough. In other words, how do we apply situational awareness in our IT environment? It has to do with the governance, controls and security that is put in place to safeguard your data. It’s about WHO / WHAT / WHEN / WHERE and collating the information and either automating the decisions or putting it into a SAMS-like dashboard.
From a governance perspective, you need to be able to identify who has access to the data. Being able to effectively manage roles and responsibilities, elevate a user’s credentials when necessary, and revoke them when they are not is a good start. This is the WHO.
Having a system in place that identifies the WHO does no good if the data is not managed with the appropriate tags. You need to be able to manage your data so that only those users with the proper credentials can see it. This is the WHAT component.
WHEN is another key to the big picture. While in and of itself, it may not present a problem to access data at any time, but when coupled with other information, it may be a red flag. For instance, if Joe is based in Chicago and tries to access a file at 3:00 am Chicago time, is Joe working late hours, or has someone stolen his id and is accessing the data from the other side of the globe.
And that’s why WHERE actually is necessary when looking at the big picture. Using the previous example, you can tell if Joe is working late based on his location, or if someone is trying to access the data using his ID. Knowing the geo-location of the person can certainly be a useful parameter in determining if access should be granted or not.
So, while basic data access controls are good, having a fine grained security system that can track the WHO, WHAT, WHEN, WHERE of any data access and determine the risk factor and then determine whether access should be allowed or denied is even better and keeps you from having to “board every ship”. Identity is the new perimeter. You can’t rely on existing perimeter controls anymore, you have to get to the specifics of the data. Because, the biggest threat to your data may be sitting in the chair next to you.