Before starting today’s topic, I want to quickly bring awareness that the Windows Security Survival Guide is featured in April’s Microsoft Security Newsletter; more info can be found at http://technet.microsoft.com/en-us/security/dd162324 . There you will find the link to the Windows Security Survival Guide in the Security Guidance section.
Today we will talk about the last security pillar, Confidentiality, which is one of the biggest subjects nowadays, mainly because it touches on privacy issues. It is all over the news, and data breaches are happening in many places; let’s see some recent examples:
- Kroger Notifies Customers of Data Breach Stemming from Third-Party Email Vendor - http://www.securityweek.com/kroger-notifies-customers-data-breach-stemming-third-party-email-vendor
- Oklahoma hospital suffers data breach of 84,000 patient records - http://www.infosecurity-us.com/view/17024/oklahoma-hospital-suffers-data-breach-of-84000-patient-records
- One Lost Laptop is All it Takes - http://communities.intel.com/community/openportit/vproexpert/blog/2011/04/20/one-lost-laptop-is-all-it-takes
Those are only a few examples that happened this month (April 2011); I’m avoiding going back and retrieving other examples to make sure that you know that this issue is happening now. At the end of the day, this just shows you how important it is to correctly handle confidentiality in your environment.
Make sure to address all pieces
One way that confidentiality can be compromised is when data is in transit, and not only in transit from point A to point B over the network, but also locally within the OS. If you fail to correctly address potential breaches locally while implementing a feature or developing an application, chances are that this will be the area that gets exploited.
As you can see, it is not only a matter of saying “I’m going to encrypt all my traffic and I’m good.” There are many other places where the correct countermeasure must be applied to avoid compromising the confidentiality of your data. What countermeasures is your company adopting to address issues that affect confidentiality? Are you using all the resources that Windows has to assist you with that? Read the Confidentiality section of the Windows Security Survival Guide to learn more about the Windows resources that can help you overcome the challenges in this area.