4/8/2014
11:26 AM

Unisys Stealth Makes Sensitive Data Go Dark

Can you make data invisible to intruders? Unisys Stealth system creates a community around sensitive data and encrypts communications between all users.


At last week's Interop 2014 in Las Vegas, Unisys renamed its Unisys Secure Private Cloud to Choreographer. The new name is a nod to the fact that the platform is now about marshaling a secure exchange between many different types of devices on the network rather than securing a fixed set of hardware assets.

Unisys chief information security officer Dave Frymier announced the change in a presentation titled "Don't Sweat The Small Stuff: Protect What Matters Most." To some extent, Frymier seemed bent on turning the usual approach to enterprise security on its head.

"Discovering what systems are there is what malware does," he said in a follow-up interview after the show. Enterprise security has primarily concentrated on keeping malware out through firewalls at the perimeter or by detecting its activity in server log analysis, but neither of these techniques is guaranteed to keep skilled intruders from lifting identity and credit card information. On the contrary, recent breaches at universities, Target, and other locations suggest that all too frequently intruders find what they want by getting inside before countermeasures are implemented.

That's why Unisys recommends a new approach: creating a community of interest around important software systems, then protecting them by applying encryption automatically on communications between all users. For example, instead of worrying about everyone's email, how about creating a community of interest around the users of the enterprise financial system and encrypting all communications concerning it?


Choreographer leverages another Unisys product, Stealth, which is basically an encryption system that allows end users to carry an encryption key on laptops or other mobile devices that can be used to send and receive encrypted messages. Malware, attempting to phish for information or sniff out passwords and keys, can ping the system for attention or attempt to break in. But without access to the encryption system, the system ignores the attempts and the intruder is kept out. To the phisher, it's as if the financial system no longer exists.

"The network of a community of interest goes dark on the corporate network," Frymier said. "It won't respond to unencrypted communication. Any user outside the community doesn't know it's there."

But aren't such keys on mobile devices a security exposure in themselves? What if a laptop is stolen? Frymier explained that the key is enclosed in a software wrapper and installed according to the ISO standard for end user key protection. It can't be retrieved by a thief who gains control of the device.

According to Frymier, this approach is simpler and more effective in a BYOD world than attempting to track and monitor activity on many different kinds of devices. It won't protect everything, but it will protect any system and set of sensitive data deemed worthy of having its own community of interest. For a financial system at a large company, the community might include 1,000 or more end users and would remain dark to any user who is not part of the community.

Unisys, which produced Stealth two years ago, announced a way to apply it to BYOD mobile systems last fall. Frymier admitted that Stealth had few adopters at first, but he said the growing use of smart phones and tablets in the enterprise has since turned the tables. Since its BYOD announcement, Unisys has been peppered with requests for guidance on how to establish a pilot project.

"Right now a lot of information security is focused on log file management, generating alerts, [and] detecting an intrusive presence. This isn't doing any of that," Frymier noted. Instead, it walls off data and applications that are rich targets for intruders.

Last June, Unisys announced Stealth for Amazon Web Services, which encrypts all communications between enterprise users and business-critical systems running on Amazon. Unlike other such systems, the Stealth key is kept on a secure server inside the enterprise and deeply embedded in end-user devices. Many other encryption protection systems require the key to be stored inside the cloud service and accessed over the public Internet to work with mobile users, Frymier explained, which can create problems.

The Stealth name is borrowed from the US Air Force's stealth aircraft, which absorb searching radar waves rather than sending back an echo. Similarly, Unisys Stealth absorbs intruders' communications but offers nothing back.


Charles Babcock is an editor-at-large for InformationWeek, having joined the publication in 2003. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse ...

Comments
WKash,
User Rank: Author
4/9/2014 | 7:47:20 PM
Stealth
Unisys's approach may mean a performance hit, but is likely to gain attention in government circles, where efforts to do continuous monitoring and diagnostics do little to remove the threats compared to "hiding" networks that rogue hackers "can't see."
Charlie Babcock,
User Rank: Author
4/8/2014 | 12:26:47 PM
Don't forget the performance hit
Frymier also confirmed that there is a 5-7% performance hit to perform encryption on a business critical application's communications. Does your system have the headroom to absorb that? Is the added processing worth it?

 