The primary goal of security is to provide confidentiality, integrity, and availability. In this blog post, we'll define what the CIA Triad is and why security controls are evaluated against it. I'll also demonstrate how you can achieve confidentiality and high-availability using Microsoft Azure's public cloud infrastructure.
In my latest INE course, I introduced some Azure Security features. This blog post will provide deeper, detailed answers as to why and how those security features satisfy the fundamental security goal: protecting the confidentiality, integrity, and availability of your data assets in Azure.
Confidentiality, Integrity, and Availability (CIA)
Security must start somewhere. Often, that "somewhere" is a list of the most important security principles. In such a list, confidentiality, integrity, and availability (CIA) are usually present as they are viewed as the primary goals and objectives of security infrastructure.
Security controls (such as key management systems) are typically assessed on how well they address these three core information security tenets. Additionally, vulnerabilities and risks are evaluated based on the threat they pose against one or more of the CIA Triad principles.
Before getting into each principle, I will describe a few important terms as listed in the Risk Terminology image below.
An asset is anything within an environment that should be protected. It can be anything used in a business process or task. If an organization places any value on an item under its control and deems it important enough to protect, it is labeled an asset for the purposes of risk management and analysis.
The loss or disclosure of an asset could result in numerous intangible consequences, including:
- an overall security compromise
- loss of productivity
- reduction in profits
- additional expenditures
- discontinuation of the organization
Asset valuation is a dollar value assigned to an asset based on actual cost and monetary expenses. These can include costs to develop, maintain, administer, advertise, support, repair, and replace an asset. It can also include the financial impact of public confidence, industry support, productivity enhancement, knowledge equity, and ownership benefits.
Any potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset is a threat. Threat agents intentionally exploit vulnerabilities. These agents can be people, programs, hardware, or systems. Threat events are accidental and intentional exploitations of vulnerabilities. They can be natural or man-made.
The weakness in an asset or the absence of a safeguard or countermeasure is a vulnerability. In other words, a vulnerability is a flaw, loophole, oversight, error, limitation, frailty, or susceptibility in the IT infrastructure. They can be found in any aspect of an organization. If a vulnerability is exploited, loss or damage to an asset can occur.
Exposure is being susceptible to asset loss because of a threat. There is a clear possibility that a vulnerability can or will be exploited by a threat agent or event. Exposure doesn't mean that a realized threat (an event that results in a loss) is actually occurring, just that it could.
Risk is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset. When written as a formula, risk can be defined as -
Therefore, reducing either the threat agent or the vulnerability directly results in a reduction of risk.
When a risk is realized, a threat agent, actor, or event has taken advantage of a vulnerability and caused harm to or disclosure of one or more assets. The whole purpose of security is to prevent risks from being realized. This is done by removing vulnerabilities and blocking threat agents and events from jeopardizing assets.
A safeguard, security control, or countermeasure is anything that removes or reduces a vulnerability, or protects against one or more specific threats. Safeguards are the only means by which risk is mitigated or removed. There are many actions that qualify as safeguards. For example:
- installing a software patch
- making a configuration change
- altering the infrastructure
- modifying processes
- improving security policy
- training personnel more effectively
An attack is the exploitation of a vulnerability by a threat agent that causes damage, loss, or disclosure of assets. It can also be any violation or failure to adhere to an organization's security policy.
A breach is the occurrence of a security mechanism being bypassed or thwarted by a threat agent. When a breach is combined with an attack, a penetration or intrusion can occur. A penetration is when a threat agent has gained access to an organization's infrastructure through the circumvention of security controls. They are then able to directly imperil assets.
These elements are all related, as shown in the above image. Threats exploit vulnerabilities, which results in exposure. Exposure is risk and risk is mitigated by safeguards. Safeguards protect assets that are endangered by threats.
Confidentiality is the concept of the measures used to ensure the protection of data, objects, or resources. The goal of confidentiality protection is to prevent or minimize unauthorized access to data.
For confidentiality to be maintained on a network, data must be protected from unauthorized access, use, or disclosure while in storage, in process, and in transit.
Numerous attacks focus on the violation of confidentiality. This can include capturing network traffic, stealing password files, social engineering, and port scanning, to name a few.
Events that lead to confidentiality breaches include:
- failing to properly encrypt a transmission
- failing to fully authenticate a remote system before transferring data
- leaving open otherwise secured access points
- accessing malicious code that opens a back door
- misrouted faxes
- documents left on printers
- walking away from an access terminal while data is displayed on the monitor
- an oversight in security policy
- misconfigured security control
Numerous countermeasures can help ensure confidentiality against possible threats. Encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, and extensive personnel training are all actions that support confidentiality.
Integrity is the concept of protecting the reliability and correctness of data. It can be examined from three perspectives:
- Preventing unauthorized subjects from making modifications
- Preventing authorized subjects from making unauthorized modifications (such as mistakes)
- Maintaining the internal and external consistency of objects, ensuring that their data is a true reflection of the real world, and any relationship with any child, peer, or parent object is valid, consistent, and verifiable.
Numerous attacks focus on the violation of integrity. Viruses, logic bombs, unauthorized access, and errors in coding and applications are all integrity-based attacks. Malicious modification, intentional replacement, and system backdoors are also attacks to look out for.
There are many countermeasures that can ensure integrity against possible threats. Tactics include strict access control, rigorous authentication procedures, and intrusion detection systems. Additionally, there's object or data encryption, hash total verifications, interface restrictions, input/function checks, and extensive personnel training.
Availability means authorized subjects are granted timely and uninterrupted access to objects. If a security mechanism offers availability, it's giving a high level of assurance that the data, objects, and resources are accessible to authorized subjects.
The threats to availability, like the other two parts of the CIA Triad, are many. There's device failure, software errors, environmental issues (such as heat, static, flooding, power loss), and Denial of Service (DoS) attacks. There's also object destruction, communication interruptions, and human errors.
Countermeasures that can ensure availability against threats include:
- designing intermediary delivery systems properly
- using access controls effectively
- monitoring performance and network traffic
- using firewalls and routers to prevent DoS attacks
- implementing redundancy for critical systems
- maintaining and testing backup systems
With this post, I'm setting the pace for the rest of the upcoming series by defining what the goal of security is. The next post will address what process you should implement to assess threats against your assets (focused on the cloud) and how to prioritize resources.
Keep an eye out for the next phase. We'll be taking deep dives into security features that protect the goal of confidentiality and availability.