This brief describes the impact of California’s Database Security Breach Notification Act and California’s General Security Standard for Businesses on the IT organizations of any state agency, nonprofit, or business that conducts business in California and maintains computerized data that includes personal information. The two bills are also known as California Senate Bill 1386 (SB 1386) and California Assembly Bill 1950 (AB 1950) respectively.
A use case is presented, in which an affected business entity uses Server General TDE to protect its data directory, which stores personal information, thereby providing a comprehensive security measure against security breaches, which could make the organization liable to civil action, damage its reputation, and potential penalties. It is worth noting that the data directory with personal information in it can reside within a database server or a file server.
Forty other States now have notification laws on their books modeled after SB 1386 and AB 1950 making this brief pertinent on a national scale.
SB 1386 was signed into law on September 25, 2002 and became effective on July 1, 2003. AB 1950 was signed into law on September 29, 2004 and became effective on January 1, 2005. SB 1386 states that businesses, which conduct business in California, and keep personal information about individuals, must put measures in place to monitor such information – and upon discovery of any breach or any suspected breach, must report the event to all individuals that may have been affected. AB 1950 extends the intent of SB 1386 beyond notification, and mandates that these organizations must take adequate steps to safeguard personal information about individuals.
The relevant entities are any state agencies, non-profit organizations, persons, or businesses that conduct business in California and that own or license computerized data such as credit card transactions, magazine subscriptions, telephone numbers, real estate records, automobile registrations, consumer surveys, warranty registrations, credit reports, etc. The legislation is not limited to companies domiciled in California; rather its coverage encompasses companies whose customers reside in California.
Personal information is defined as an individual’s last name and first name or initial, in combination with a social security number; driver’s license or California ID Card number; or account, credit or debit card number, in combination with any security code, access code or password that would permit access to the account. An exemption is provided for personal information that is encrypted or redacted.
Server General TDE Use Case
Acme Internet Retailers, a fictitious company, not domiciled in California, stores and manages customer personal information including names, addresses, and passwords to facilitate web transactions.
- The unencrypted information stored in the data directory at Acme constitutes of customer names and their credit card numbers, and therefore qualifies as personal information as described in the legislation SB 1386 and AB 1950. And upon a breach, Acme Internet Retailers would be subject to any/all of the terms of SB 1386 and AB 1950, which include potential liabilities, penalties for non-compliance, costs for notification, damage to reputation, etc.
- Additionally, the data is vulnerable to physical theft, unauthorized access, information theft, and data tampering. Without additional security measures, the company would be vulnerable to attacks that could compromise their customers’ personal information. Acme stands to lose business due to lost goodwill. Potential litigation stemming from such breaches could result not only in financial losses but also in defocusing corporate resources.
- Acme Internet Retailers deploys Server General TDE agent on their server that stores personal information. By utilizing Server General TDE, which uses industry-standard, strong encryption, Acme Internet Retailers has taken a qualifying measure to protect their customer personal information. Complementing the data encryption capabilities, the advanced access control features of Server General TDE protect data against insider attacks, snooping and physical theft – as well as providing alerts and notification in the event of attempted breaches.
By providing comprehensive security measures for the personal information stored in the server, Acme Internet Retailers operates in compliance with SB 1386 and AB 1950.
Threats to Personal Information Stored in a server
Data Theft due to Unauthorized Privileged Access
A malicious ‘root’ user can expose sensitive personal information directly. This technique can be used by untrustworthy systems administrators, or by an attacker who has gained ‘root’ access.
Data Integrity Attacks
A malicious or compromised ‘root’ user can alter data stored in a file. Such an attack puts integrity of the data in question thereby rendering it unreliable. These types of attacks are harder to track down as modifications do not alter the expected behavior.
A malicious insider can disguise his/her attempts to copy data files containing personal information as innocent mistakes. Incorrect file permission settings can provide an opening for such an attack. A successful snooping attack that results in the copying of the sensitive data files amounts to theft of physical media.
Theft of Physical Media
Once off premises, any stolen physical media, such as backup tapes, USB drives, or other removable media can be freely interrogated and abused.
Server General TDE Response
- Data theft due to unauthorized privileged access
- Data integrity attacks
- Insider attacks
- Theft of physical media
- Strong data encryption and access control
- Data verification using checksums
- Strong access controls
- Strong data encryption with secure keys
The core Server General TDE components are data encryption engine, key management engine, access control engine and a logging engine. Each component performs a critical function in securing personal information stored on the server, and collectively they provide active countermeasures against each of the threat techniques. Only by providing the complete set of countermeasures can personal information stored in data files be truly secured.
Data Encryption Engine
Server General TDE includes a high-performance Data Encryption Engine, which provides strong encryption for all writes, and decryption for all reads. The Data Encryption Engine protects against theft of media, data images – even if intruders are able to obtain physical or electronic copies of data. The stolen data would be unusable without the decryption key. Any probing of files would only yield blocks of ciphertext.
Key Management Engine
The most important component of the Server General TDE is its Key Management Engine, which allows the customer to control their own encryption keys at all times. The encryption keys are stored in one or more key lockers deployed within the Server General global key management infrastructure or within customer’s own network. In both instances, the encryption keys are themselves wrapped in another layer of encryption using a master key (a passphrase) that is only known to the data owner. This way only cipher blobs are stored in key lockers preventing other parties from deciphering them. The key management system allows customers to generate strong keys of length of 256, rotate them on-demand, revoke any key at any time and store them in a secure location.
Access Control Engine
The Access Control Engine provides industrial strength identification and authentication mechanism that results in reduction of the ‘trust domain’. Only authorized Server General TDE administrators are able to access administrative functions: this one measure reduces the risk posed by rogue systems administrators (or any other entity that has progressed beyond perimeter security). The Access Control Engine also provides a critical capability which we call ‘protecting from the protectors’ – ‘root’ users who have access to the sensitive data directories on the server cannot access the personal information stored in the “cleartext” format. Their privileged access to the underlying storage subsystems would only yield blocks of ciphertext.
The Logging Engine logs every administrative operation related to Server General TDE. The logs are stored at four different locations – on the server itself and within our cloud infrastructure. These log files play a crucial role when it comes to security and compliance. In case of a regular server, an external or a malicious internal user can easily gain unauthorized access to the logged information and remove self incriminating entries. However, this is not possible with Server General TDE, as logs are being stored at multiple locations that are not under a single administrative control.
All of these techniques, when used individually or together, represent a comprehensive barrier to compromising personal information stored in a database or a file server. Server General TDE defeats attacks against the sensitive data sets stored on a server by providing specific countermeasures against each technique.
Server General TDE provides these enterprise-strength security measures unobtrusively – it was designed with this goal in mind. After, the simple installation process, there is no on-going maintenance required. Other utilities and client programs, that need access to the personal information stored in the protected data directories, will continue to operate as expected without modifications.
Server General TDE protects the sensitive data sets and answers California Senate Bill 1386 and California Assembly Bill 1950.