Trust no Single Point of Failure
Today, your organization’s weakest link is “the human factor”. Separation of duties (SoD) protects you from ransomware attacks, fraud and human error. It is also the way to avoid unwanted risk and conflicts of interest.
A single point of failure (SPoF) in your backup system can grind your business to a halt. We are all just human, and any trusted employee (at both the administrative and technical levels) can make a mistake or, with good or bad intentions, damage your backup. Proper separation of duties ensures that this can’t happen.
What Does Separation of Duties Actually Mean?
The basic principle of Separation of Duties (SoD) is that no single person or group should be able to carry out all actions in a business-critical activity. SoD has for centuries been a well-known concept in almost any financial department. When it comes to IT security, SoD is a way to mitigate the risk of damage – accidental or intentional – to the integrity, confidentiality and availability of your data. SoD can protect against deletion of live data and subsequent backup data. In that way, you can gain protection against malicious ransomware/crypto-locker attacks and prevent operator errors and sabotage attempts. In short, SoD is a crucial risk management measure.
Logical and Physical Separation of Duties
The principle of SoD should be applied on multiple levels. On the logical level we have everything regarding credentials – that is, what a given user can see and potentially leak or destroy. Logical SoD covers the virtual access to data.
The physical level is where your data is located – which specific servers store your data and their physical location. If someone breaks into that location or sets fire to your server, what would be the impact? Would your backup server be affected as well, or is that backup in another physical location?
How to Separate Your Live Data From Your Backup
Logical Separation of Duties
No single administrator or user should be able to access both your backup data and your live data. Period. Even if this person is your most loyal, thorough or discreet employee, granting anyone that kind of access would be a serious security risk. Human error or blackmail are genuine risks that can compromise your data. The principle of SoD ensures that no single person has permission to access both your live data and backups.
Risk prevention: Blackmail, fraud, human error or intentional damage.
Physical Separation of Duties
All data in a cloud service or application are stored on a physical server at a physical location somewhere in the world. This means there is a potential risk of fire, electrical outages, earthquakes, terrorism etc. Another vulnerability is the people who can access these sites. Cleaning staff, electricians, maintenance crews and trespassers can all cause serious damage to your data – intentionally or unintentionally. With SoD, people with physical access to server sites are logged, and the same individuals are not able to access both your backup data site and your live data site.
Risk prevention: Fire, break-in, electrical outages, terrorism etc.
Concept of Critical Mass
The biggest challenge for practicing SoD is the heavy costs associated with obtaining critical mass. Obviously, when you hire someone to be responsible for your backup, this same person shouldn’t be in charge of or operate your live data as well. But in real life, this separation of duties can be difficult – even for large enterprises. One approach is to run your own data center. However, even there, we often see a lax attitude toward the SoD guidelines, and maintaining a team of people dedicated solely to backup in case of vacation days, time off, sick days etc. is costly. And besides, it is hard to find IT professionals with a high level of backup expertise.
Risk Prevention: Practicing SoD on vacation days, time off, sick days etc.
More and more IT auditors require Separation of Duties for technicians as well as in accounting. SoD can help with compliance with the EU’s General Data Protection Regulation (GDPR). The aim is to prevent conflicts of interest, abuse of power etc. as well as to make it possible to detect security breaches, data theft and the like.