Vital Lessons From The OPM Hack
The Office of Personnel Management (OPM), responsible for keeping the records of civilian federal employees in the US, was hacked in April – but this was only recently revealed by the US government.
The whole thing was said to be simply due to social engineering and bad credential management with contractors – most of which can be combated by education and training.
We thought it would be beneficial to briefly go over some vital lessons from the OPM hack, as they apply to many legacy enterprise file systems.
Auditing and Access Controls
Once the hackers were in the door (which was apparently a fairly easy process), they were free to run amok. Even worse, OPM lacked the auditing and data management software needed to understand the scope of the security failure. Additionally, stealing files and sensitive data was easy given the lack of even basic file encryption.
Modern cloud solutions like Box employ numerous encryption techniques, comply with a number of government policies, and have expansive audit capabilities for IT security administrators. This includes detailed logs of where access is coming from and exactly who’s doing what once they’re in the system.
Legacy Systems Are, Well… Old
They’re also becoming more expensive. Finding people with expertise in legacy systems coded with older languages requires a great deal of financial incentive, as most of the people fluent in those methods are retiring.
OPM was using COBOL for most of their systems, which is a coding language that has been around since 1959 and isn’t getting more popular. For some perspective, here are the job prospects for people fluent in COBOL versus other languages:
[Chart: job prospects for COBOL versus other languages. Photo credit: Indeed.com]
Newer solutions, whether cloud-hosted by third parties or created by your IT team, have a plethora of resources online for adding extra security, like encryption libraries or open source projects like OWASP, dedicated to providing more hardened security tools.
Look To The Cloud
Perhaps it’s time for a modern change? Cloud software is hardened against attacks and puts much less strain on IT security teams than home-baked legacy systems running antiquated code. Many solutions offer multi-factor authentication in case some user credentials are compromised, and offer web- and mobile-ready tools for keeping up with trends.
With Box securing files for the US Department of Justice and Amazon’s introduction of GovCloud, it’s becoming apparent that the cloud is the best option for enterprise file-sharing, collaboration, and large volume data storage – because even the government is doing it.
You should never take information security lightly – migrate off your legacy systems and into something more secure and cost effective today with Mover.