Cybersafety Essentials for Transferring Data

In the ever-evolving world of technology, data migrations have become a common occurrence. However, these transitions can pose significant risks if not managed properly. Here are some key points to consider for a secure data migration.

Firstly, migration hosts should be placed in a dedicated subnet with strict egress rules. This helps to control the flow of data and protect the system from potential threats.

Secondly, the importance of securing artifacts cannot be overstated. Artifacts should be signed, and checksums should be used for each file. Hashes should be verified at the destination before ingestion to ensure the integrity of the data.

Attackers often target rushed workarounds, default settings, and forgotten access tokens during migrations. Therefore, it's crucial to be vigilant and address these potential vulnerabilities. The most significant migration risks come from credentials and service accounts with excessive rights.

Data migrations involve every system, team, and vendor. Shrinking the blast radius can be achieved through data inventory and minimization. This process involves discovering what data exists, who uses it, and what regulations apply. Data teams should classify records by sensitivity and decide what must move, what to archive, and what to delete.

Security maturity still lags the pace of cloud and artificial intelligence adoption. Leaders should treat migrations as high-stakes changes and build security into each step. Every package and script on jump hosts should be scanned before the migration, and they should be locked from new installs during the freeze.

Encrypting data is another crucial aspect of secure migrations. This involves using modern Transport Layer Security (TLS) and strong, vetted algorithms. Encrypting data end-to-end and separating key control is recommended for added security.

The CL0P ransomware group exploited Progress MOVEit in 2023, using it as a doorway into connected databases and stealing large amounts of data. This incident underscores the importance of locking down identities and privileges during the migration window.

Baseline controls from CISA's performance goals, including multi-factor authentication, hardened configuration, and continuous monitoring, should be implemented. Allowed destinations should be specified, and outbound internet should be blocked where possible.

The Cloud Security Alliance analysis of the Snowflake incident offers practical detection and response lessons. Organizations needed an average of 194 days in 2024 to detect and identify a breach. This highlights the importance of proactive measures.

Government agencies published guidance and fixes after the attacks spread. A tabletop exercise should be run to walk through a compromised admin token during cutover, prewriting customer and regulator notifications, and keeping a rollback plan.

Unfortunately, the organization that alerted CISA in June 2024 about increased threat activity targeting Snowflake customer accounts and recommended customers to look for unusual activity and apply special-case controls could not be identified in the provided search results.

In conclusion, secure data migrations require a comprehensive approach, encompassing data inventory, secure artifact handling, strong encryption, and stringent access controls. By following best practices and staying vigilant, organizations can mitigate the risks associated with data migrations.