Handling sensitive records in Hong Kong

Increasing awareness around personal privacy issues and handling of consumer data by organizations in Hong Kong is driving enterprises to evaluate how customer records are maintained within their organization – and how, and by whom, they can be accessed and transferred to outside networks.

Controlling the handling of sensitive records involves implementing strict data handling policies, as well as ensuring the organization has visibility over how data is accessed and by whom.

These controls need to extend not only to the persons who process customer or citizen records as part of their work, but also to the individuals who maintain the IT environment that houses and transfers this data – the IT administrators.

Often these roles carry the highest practical power within the organization when it comes to data access, but are the most difficult to ensure full accountability for.

Security policies, and industry standards such as PCI-DSS (Payment Card Industry Data Security Standard), typically mandate that network channels used by administrators and outsourced IT resources to manage IT assets are encrypted to protect privileged-user credentials.

This has the side-effect of preventing firewalls, Data Loss Prevention and Intrusion Detection Systems from inspecting the contents of that traffic, and makes it difficult to ensure that these channels only carry authorized traffic and content.

The fact that these privileged users may have the capability to edit and erase logs, or to disable processes such as monitoring agents, adds to the potential risk presented by the lack of control over the increasing amount of encrypted channels within and between enterprise networks.

Privileged user authorization systems often require changes to network topology, business processes, and the way the administrators perform their tasks, involving bastion servers, application gateways, or limited-functionality java or web applications.

The cumbersome deployment and process limitations make them expensive to maintain, and lead the users to find grey-IT workarounds to avoid the loss in productivity.

A suggested approach is to introduce transparent audit points into the environment. These audit points have the capability to unencrypt the privileged-user traffic, inspect the contents to enforce content policy (or to pass the content to DLP or IDS services), store a centralized audit archive of the session contents, and to re-encrypt the channel before sending it to its original destination.

This distributed audit environment avoids changes to the business processes or user experience, and enables cost-effective audit and controls for privileged user access, also over encrypted channels.