Cyber Security for Churches

November 1, 2022

 

What is Church Cybersecurity?

Church Cybersecurity (Church Cyber Security) is the implementation of specific Digital Security technologies that meet the operational needs of the Christian Church in the modern information age.  Most traditional and historic Christian Churches are unaware of how many similar institutions of Faith are the targets of Cyberattacks every day.  Without the proper security in place, such Churches would have no way of knowing that they, too, are targets.  Modernizing and transforming the security posture, compliance level, and business practices of Churches is vital for safeguarding and upholding their operational integrity in an ever-evolving Cyber Threat landscape.  By putting measures in place to detect and prevent data loss, network penetration, business email compromise and other undesired breaches, Churches can achieve significantly reduced levels of Cyber Risk that are in line with, or surpass, today's industry baseline standards.


Cybersecurity Strategies for Christian Churches

The most effective Cybersecurity Strategies for Christian Churches incorporate the following technologies:

Identity Security

Network Security

Cloud Network Security

Hybrid Network Security

Cloud Application Security

Endpoint Security

Mobile Device Security

Information Security

Examples will be used to describe these Cybersecurity technologies.  The aim of these examples is to illustrate the concept of how they work and to demonstrate how they can be used in real life scenarios. They are written to provide guidance about the benefits of using Cybersecurity to protect the digital assets, operations and resources of the Church.


Identity Security

For modern local networks, and especially in Cloud based environments, Identity Security is the first line of defense in Cybersecurity.  In every information technology environment, there exist data and applications that are accessed by users.  An Identity and Access Management or IAM system provides management of both the Authentication of user accounts and the level of Authorization or Permissions these accounts are granted on the digital resources of an organization such as a corporation or Church.

User accounts are the primary gateway to resources; therefore, protecting them from malicious attacks that attempt to compromise them is pivotal.  If a user account is compromised, then all the resources that it has access to are also compromised.  Depending on the resource and the access level of a user account, this can lead to significant data loss, information exposure or even work stoppages.  None of these outcomes is wanted, especially for a Church.

Cloud based IAM systems utilize sophisticated behavior-based models that analyze user account activity over time.  The behavior model is used to identify suspicious or unusual activity within the sign-in process of a user account.  The unusual activity can then be classified as malicious and prevented.  Another security feature of IAM is Multifactor Authentication or MFA.  MFA is a third credential that comes in the form of a challenge response.  With MFA enabled on a user account, the user is required to enter their correct account credentials of username and password, and is also required to pass the MFA challenge in order to sign in.  When these three account requirements are successfully completed at the sign-in stage, the user account is then authenticated and allowed to access resources.  The challenge response provides another layer of identity verification that is usually tied to a hardware device that the user has access to, such as a mobile phone.

For example, a user account is enabled with MFA.  As part of the configuration process, the user provides their mobile phone number in addition to a numeric security code to be used in the MFA verification process.  After the MFA configuration is complete, the user experiences a change in their account sign-in process.  This new sign-in flow is observed when the user attempts to gain access to a work-related web email application.  The user enters the correct account credentials for username and password at the application sign-in portal.  The new MFA sign-in step occurs when the portal indicates to the user that a phone call is being made to a phone number.  This phone number is the same number that the user had provided as a part of the MFA configuration process.  The user answers the phone call initiated by the MFA system and is instructed to enter a numeric security code.  To successfully pass the MFA challenge, the user must enter the identical numeric security code that they provided for the MFA configuration process.  When the user enters the correct security code using the touch tone pad of their mobile phone, the user account is then successfully signed-in to the web email application. 
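
The sign-in flow just described, written out as an added Python example (not code from the original article). The account store, the user name "jsmith", the phone number and the numeric security code are constructed for the example, and the phone call is modelled as a callback that returns the digits the user keys in on the touch-tone pad:

```python
import hashlib
import hmac
import os
from typing import Callable, List, Tuple

# Constructed account store for this example (not from the article). The password and
# the numeric MFA security code are both kept as salted PBKDF2 hashes, never in clear text.
def _pbkdf2(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)

_PW_SALT = os.urandom(16)
_CODE_SALT = os.urandom(16)
USERS = {
    "jsmith": {
        "password_salt": _PW_SALT,
        "password_hash": _pbkdf2("correct horse battery", _PW_SALT),
        "mfa_phone": "+1-555-0100",                     # number enrolled during MFA configuration
        "mfa_code_salt": _CODE_SALT,
        "mfa_code_hash": _pbkdf2("4821", _CODE_SALT),   # numeric code chosen at enrollment
    }
}
_DUMMY = USERS["jsmith"]   # hashed against for unknown usernames so timing stays similar

calls_placed: List[str] = []   # every phone call the MFA system makes is recorded here


def sign_in(username: str, password: str,
            answer_call: Callable[[str], str]) -> Tuple[bool, str]:
    """The three-part sign-in from the text: username, password, then the MFA challenge.

    answer_call(phone) stands in for the user picking up the call to the enrolled
    number and keying a code on the touch-tone pad; it returns the digits entered.
    """
    user = USERS.get(username)
    record = user if user is not None else _DUMMY
    password_ok = hmac.compare_digest(              # constant-time comparison
        _pbkdf2(password, record["password_salt"]), record["password_hash"])
    if user is None or not password_ok:
        # The MFA call is placed only after the first two requirements are met,
        # so a wrong password never rings the enrolled phone.
        return False, "invalid credentials"

    calls_placed.append(user["mfa_phone"])
    entered = answer_call(user["mfa_phone"])
    code_ok = hmac.compare_digest(
        _pbkdf2(entered, user["mfa_code_salt"]), user["mfa_code_hash"])
    if not code_ok:
        return False, "mfa challenge failed"
    return True, "signed in"


if __name__ == "__main__":
    # The user answers the call and keys in the code they enrolled with.
    print(sign_in("jsmith", "correct horse battery", lambda phone: "4821"))
    # A correct password on its own is not enough: the code keyed in must also match.
    print(sign_in("jsmith", "correct horse battery", lambda phone: "0000"))
```

Two details matter in practice: the password and the numeric code are stored as salted PBKDF2 hashes and compared in constant time, and the MFA call is placed only after the password has been verified, so failed password guesses never ring the enrolled phone.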

MFA is one of the most fundamental IAM security protocols.  Once implemented, it can significantly reduce the risk of unauthorized user account access and account compromise. 


Network Security

Defending the perimeter or edge of a network will always be a priority factor in Cybersecurity and Cyber Defense.  Blocking malicious traffic originating from external and internal sources, preventing unauthorized internal systems from reaching other sensitive internal network areas, and dropping traffic from internal systems that are destined to high risk external networks, are some of the foundational principles of protecting resources at the network level. 

Modern Security Appliances or Next Generation Firewalls that protect network environments must be equipped to securely route large volumes of network traffic between internal network segments, in addition to all the traffic that comes in from and goes out to the internet.  This routing is done while scanning the traffic to detect and block threats.  These threats include sophisticated network intrusions, and application layer and file level attacks that originate from both outside and inside a network.

By using next generation network defense technologies such as Intrusion Detection, Intrusion Prevention, Application and URL filtering, file detonation threat emulation and file threat extraction, Churches can reap the benefits of elevated and modern network security that provides protection on multiple layers and reduces risk and exposure in their network.


Cloud Network Security

Churches that utilize financial and operations management applications and data stored on cloud virtual machines or cloud application services, must ensure that these systems are properly protected by using security appliances that provide adequate levels and layers of Cyber Defense.

Cybersecurity for a cloud environment is a multifaceted process.  Cloud resources by nature are designed to be globally accessible.  Because of this design precept, securing a cloud network environment can be more challenging than securing a local network environment.  A Cloud Network can consist of components that are somewhat traditional in nature from a network infrastructure perspective, such as virtual machines that are attached to a cloud virtual network.  Other cloud network components, those considered serverless or offered as a software service, have a different structure and fewer configurable options than a cloud virtual machine.  In both instances, security is of the utmost importance because of the imminent possibility that either type of cloud solution can be fully exposed to the internet.

Cybersecurity for a cloud virtual network involves the same basic principles as a local network.  The routing, scanning, and securing of network traffic between virtual machines, virtual network segments and the internet can be managed by a virtual security appliance.  A virtual security appliance used within a cloud virtual network is, in most cases, actually a virtual machine that comes preloaded with essentially the same security software, or secure operating system, that can be found on a physical security appliance.  The virtual security appliance also retains the same security and traffic routing functionality and capabilities of a physical security appliance, with additional advantages.  One key advantage of a virtual security appliance is the ability to scale up or scale down to accommodate increased or decreased traffic flow respectively.  This ability to increase or decrease the compute, storage, memory, and network throughput capacity of a system such as a virtual appliance, database server or virtual machine is one of the primary drivers of the ever-increasing demand for cloud technologies.

Cloud networking also involves the use of systems that do not have to be connected to a virtual network and are almost entirely managed by the cloud provider.  These types of systems are classified as serverless computing systems.  In reality, these systems are actually virtual machines or virtual servers that run in an environment controlled and managed by the cloud provider.  Administrators have a very limited range of control with respect to the configuration changes that can be made on these systems.  Providing protection for serverless systems involves the use of a serverless security appliance or security as a service system that does not need to be directly connected to a cloud virtual network.  Instead, it protects other serverless systems like web applications, cloud databases, and application programming interface (API) gateways by providing an almost invisible layer of protection.  This is achieved by routing all the traffic that is designated for a specific serverless service, like a web application, to the IP address of the serverless security appliance.  The most popular use case of this type of serverless security technology is a Web Application Firewall or WAF.

For example, the DNS domain name of a web application service directs internet traffic to the DNS domain name of a WAF.  All internet traffic that is intended to reach the web application is first sent to the WAF.  Client devices like desktops and phones that access the web application are unaware that they are sending their requests to the WAF.  The WAF screens and filters the traffic so that it can identify and block any malicious traffic flows.  If the WAF detects malicious traffic or activities such as SQL Injection, Broken Access Control, Server-Side Request Forgery or Cross Site Scripting, it will block it and prevent it from reaching the web application service.  Normal traffic flows are forwarded by the WAF to the web application.  When the web application responds to a request from a client device, it sends the response to the WAF.  The WAF then forwards the response to the client device.  With this orchestrated flow, a client device essentially only sends and receives traffic from the WAF and does not directly interact with the web application itself.

The virtual security appliance and the WAF are examples of the advanced security options available to protect cloud systems and services used by Churches.


Hybrid Network Security

The most common Church network architecture incorporates a local network environment that provides access to the internet.  Users on the local network sign-in to desktop systems and connect to local servers, printers, and operations resources and can access remote websites and cloud services accessible via the internet.  Some larger Churches have extensive local networks and additionally may manage a cloud virtual network environment.  When a local network infrastructure is joined, on the network level, to a cloud virtual network, the result is called a Hybrid Network. 

Cybersecurity for a Hybrid Network combines the security requirements of a local network and those of a cloud network, with the additional overhead of maintaining and securing the flow of data between the two network locations or network sites.  Connecting two network sites can be accomplished with different network technology methods.  The most common and widely used method is called a Virtual Private Network (VPN) tunnel.  The VPN tunnel is created using IP Security or IPsec technology, in which the two sites exchange encryption keys over the internet using the Internet Key Exchange (IKE) protocol.  The keys established by IKE are then used to secure network traffic as it flows over the public internet between the two network sites.  The network traffic is protected by using the keys to encrypt the traffic flows, ensuring that the traffic between the sites is neither exposed to the internet nor tampered with.  The tunnel is created and maintained by two VPN gateways: one gateway in the form of a security appliance on the local network, and the other a virtual security appliance attached to a cloud virtual network.  The network traffic flows are encrypted by the security appliances before they are sent over the internet.  When encrypted network traffic arrives at the destination VPN gateway, the traffic is decrypted and then routed to the appropriate network systems.  This seamless secure flow of data between network sites allows the local network to be extended into the cloud.  Considering the expansion of cloud edge technologies, the reverse can also be observed as more cloud-controlled devices are deployed on the local network; this is where the cloud is extended to the local network.  Additional systems that may be needed for expanded operations can now be easily created on a cloud virtual network and accessed directly by users and other systems on the local network.  In a well architected hybrid network, to the local users it may appear that a server they are accessing is on the local network, when in fact it could be hundreds or thousands of miles away in a cloud network.

When managing two or more network sites in a Hybrid Network configuration, considerations must be made with respect to which traffic flow directions are allowed and trusted.  For example, network traffic that originates from systems on a cloud virtual network and is directed to systems on a local network may not be allowed because that traffic is not trusted.  However, network traffic that originates from systems on a local network and is directed to systems on a cloud network is normally allowed because that traffic is trusted.  This example illustrates a simple Zero Trust security model within a Hybrid Network Security Architecture, where the flow of network traffic from some network sites is trusted while the flow from others is not.  Usually, the network sites with the higher Cyber Risks are not trusted by network sites with lower Cyber Risks.
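
Here is the risk-ordered trust rule from the paragraph above as a small, added Python policy evaluator (not part of the original article). The site names, their risk ranks and the single exception entry are assumptions; the code generalizes the two-site example to any number of sites by comparing the risk rank of the source site with that of the destination:

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed site inventory for this example. Each network site is ranked by the
# Cyber Risk associated with it (a higher number means a riskier site).
SITE_RISK: Dict[str, int] = {
    "local": 1,        # the Church's on-premises network
    "cloud-vnet": 2,   # the cloud virtual network joined to it by the VPN tunnel
}


@dataclass(frozen=True)
class Flow:
    src_site: str
    dst_site: str
    dst_port: int


# New connections from a higher-risk site toward a lower-risk one are untrusted by
# default; anything that must be allowed anyway is listed here explicitly.
# (Assumed example entry: a cloud web server reaching a local directory service on 636.)
EXCEPTIONS = {("cloud-vnet", "local", 636)}


def decide(flow: Flow) -> str:
    """Return an allow/deny decision with its reason, following the risk-ordered model."""
    if flow.src_site not in SITE_RISK or flow.dst_site not in SITE_RISK:
        return "deny: unknown site"
    if SITE_RISK[flow.src_site] <= SITE_RISK[flow.dst_site]:
        return "allow: source site is trusted by the destination"
    if (flow.src_site, flow.dst_site, flow.dst_port) in EXCEPTIONS:
        return "allow: explicit exception"
    return "deny: source site carries higher risk than the destination"


def evaluate(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    return [(f, decide(f)) for f in flows]


if __name__ == "__main__":
    sample = [
        Flow("local", "cloud-vnet", 3389),   # local user reaching a cloud server
        Flow("cloud-vnet", "local", 445),    # cloud system reaching a local file share
        Flow("cloud-vnet", "local", 636),    # the listed exception
        Flow("branch", "local", 22),         # a site the policy has never heard of
    ]
    for flow, verdict in evaluate(sample):
        print(f"{flow.src_site:>10} -> {flow.dst_site:<10} port {flow.dst_port:<5} {verdict}")
```

A site the policy does not know about is denied rather than allowed, and any flow that must run against the risk order has to be listed explicitly, which keeps the exceptions visible and reviewable.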


Cloud Application Security

The data that is managed and accessed by cloud applications, such as emails and documents, requires Cybersecurity that incorporates several security layers.  These combined layers are used to detect and prevent suspicious activities with respect to user identity, application data access and malicious content.

Protecting user accounts is critical to provide verifiable secure access to application data.  Cloud based Identity and Access Management (IAM) plays a key role as it provides a first layer of defense.  User accounts and user sign-ins that have the lowest associated risk represent a reduced possibility of unauthorized data access.  Enforcing the use of Multi Factor Authentication (MFA) and other identity-based security features, such as a user account safe sign-in model comparison, reduces risk and improves the validity of user authentication and data access authorization.  The trusted exchange of user activity and threat intelligence information between Cloud Application Security systems and IAM systems can be used to determine if further protection protocols should be activated to safeguard applications and their respective data.

Detecting strange or unusual patterns in how a user account accesses data on a day-to-day basis is an important feature of Cloud Application Security.  When a user accesses application data via an email or a document client over a period of time, the Cloud Application Security or CAS system creates a model of the expected daily activities or behavior of the user account.  This behavior model would contain user account activity properties such as the number of files accessed, the volume of data downloaded, the number of files uploaded, and the applications accessed.  If a user account exhibits an activity that is not defined in its behavior model, the CAS system will detect the unusual activity and determine that it is suspicious.  It will then log the activity as an incident.  Depending on the nature of the suspicious activity, the system will assess the associated risk of the incident and classify it as being either Low, Medium or High Risk.  Based on the risk level of the incident, the CAS system can then activate a predefined security protocol which will include additional safeguards to protect the application data.

For example, a certain user has only accessed their work email and document applications with their user account for over three months.  After the first full sign-in process, the user is able to sign in to both applications without the need to enter their account credentials of username or password and is not required to take an MFA challenge.  This is because the applications are using a non-interactive sign-in in the background to authenticate the user account.  The non-interactive sign-in safely stores the user account sign-in session information, which is periodically renewed automatically, and uses this stored account data to sign in to the work applications.  The user is now required to use a teleconferencing application so that they can work remotely.  When the user signs in to the teleconferencing application for the first time, the CAS system detects that the user is accessing an application that is not defined in their user account behavior model.  This application sign-in activity is initially considered to be suspicious even though it is not malicious.  As a result, the CAS system coordinates with the IAM system to initiate an account verification protocol before the user can access the new application.  The IAM system requires that the user verifies their identity by entering their work account credentials of username and password and additionally passing an MFA challenge.  Upon successful user account verification, the CAS system adds the new teleconferencing application to the list of applications defined in the user account behavior model.  The CAS system can detect what applications a user signs in to and can even prevent accounts from accessing unsecure or unsanctioned applications.

In continuing with the previous example, the same user is now required to read the training manuals for the teleconferencing application and other new applications that are scheduled to be released.  These documents are in the form of large pdf files. The user decides to download all the training manuals using the work-related cloud document application.  As the user begins to download the files, the user account is automatically signed-out of the cloud document application, along with all the other work applications that the account was signed-in to.  The user account is automatically signed out because the CAS system detected an activity it considered to be a High Risk incident.  The CAS system determined that the user account had not previously initiated a file download with that number of files and/or that volume of data.  This type of file access activity was not defined in the user account behavior model.   As a predefined security procedure, the CAS system signaled to the IAM system to initiate a forced sign-out of the user account from all work applications.  For the user to regain access to any work applications and data, they are required to verify their user account credentials and pass the MFA challenge.  With the ability to detect, identify and block unusual file level access activity, the CAS system can prevent unwanted data breaches and data exfiltration.
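
The behavior model and the two incidents from the examples above, as an added Python sketch that is not code from the original article. The log format, the activity values, the user name "jsmith" and the BULK_FACTOR threshold are constructed assumptions; a real CAS system learns far more properties than the application set and the download maxima used here:

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed activity log for this example (not real telemetry). One line per user
# action: timestamp, user, application, action, file count, byte count.
BASELINE_LOG: List[str] = [
    "2022-07-05T09:02:11Z jsmith mail read files=1 bytes=15000",
    "2022-07-05T09:40:03Z jsmith docs download files=2 bytes=800000",
    "2022-07-12T10:15:47Z jsmith docs upload files=1 bytes=300000",
    "2022-08-02T08:58:30Z jsmith mail read files=1 bytes=20000",
    "2022-08-19T14:21:09Z jsmith docs download files=3 bytes=1200000",
    "2022-09-07T11:05:52Z jsmith mail send files=0 bytes=4000",
    "2022-09-28T16:32:18Z jsmith docs download files=1 bytes=450000",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<app>\S+) (?P<action>\S+) "
                     r"files=(?P<files>\d+) bytes=(?P<bytes>\d+)$")

BULK_FACTOR = 2   # a download beyond this multiple of the account's past maximum is High Risk


def parse(line: str) -> Dict[str, object]:
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    ev = m.groupdict()
    ev["files"] = int(ev["files"])
    ev["bytes"] = int(ev["bytes"])
    return ev


class BehaviorModel:
    """What the CAS system has learned about one account's normal day-to-day activity."""

    def __init__(self) -> None:
        self.apps = set()
        self.max_download_files = 0
        self.max_download_bytes = 0

    def learn(self, ev: Dict[str, object]) -> None:
        self.apps.add(ev["app"])
        if ev["action"] == "download":
            self.max_download_files = max(self.max_download_files, ev["files"])
            self.max_download_bytes = max(self.max_download_bytes, ev["bytes"])


def build_models(lines: List[str]) -> Dict[str, BehaviorModel]:
    models: Dict[str, BehaviorModel] = {}
    for line in lines:
        ev = parse(line)
        models.setdefault(ev["user"], BehaviorModel()).learn(ev)
    return models


def assess(model: BehaviorModel, ev: Dict[str, object]) -> Optional[Tuple[str, str, str]]:
    """Return (risk, reason, protocol) for activity outside the model, or None if it fits."""
    if ev["app"] not in model.apps:
        return ("Medium", f"sign-in to application not in model: {ev['app']}",
                "account verification: password + MFA, then add the app to the model")
    if ev["action"] == "download" and (
            ev["files"] > BULK_FACTOR * model.max_download_files
            or ev["bytes"] > BULK_FACTOR * model.max_download_bytes):
        return ("High", f"bulk download of {ev['files']} files / {ev['bytes']} bytes",
                "forced sign-out from all work applications; password + MFA to regain access")
    return None


def handle(models: Dict[str, BehaviorModel], line: str) -> Optional[Tuple[str, str, str]]:
    """Process one new log line: learn it if it fits the model, otherwise raise an incident.
    An account with no history gets an empty model, so its first activity is always reviewed."""
    ev = parse(line)
    model = models.setdefault(ev["user"], BehaviorModel())
    incident = assess(model, ev)
    if incident is None:
        model.learn(ev)        # normal activity keeps refining the baseline
    return incident


def admit_after_verification(models: Dict[str, BehaviorModel], line: str) -> None:
    """Called once the user has passed the IAM verification for a Medium incident."""
    ev = parse(line)
    models.setdefault(ev["user"], BehaviorModel()).learn(ev)


if __name__ == "__main__":
    models = build_models(BASELINE_LOG)
    print(handle(models, "2022-10-03T09:10:00Z jsmith teleconf signin files=0 bytes=0"))
    print(handle(models, "2022-10-03T13:45:00Z jsmith docs download files=12 bytes=95000000"))
```

Activity that fits the model keeps refining it; a sign-in to an unseen application is logged as a Medium incident and only admitted into the model after the IAM verification succeeds; and a download far beyond the account's past maximum is a High incident whose protocol is the forced sign-out, without the event ever being learned.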

Malicious content in a cloud environment can lead to unprecedented damage and data loss.  Viruses and malware that can detect, read, and infect neighboring files and systems can do so at alarming speeds in a cloud environment.  The data that users work with every day is the main target of this form of Cyberattack.  User work emails and documents that are accessed by desktops, mobile apps and web clients are stored on cloud services and cloud storage systems, and are often interlinked to provide a smooth user experience for easy access and sharing.  To protect these datastores, CAS systems utilize different technologies to detect and block infected files from entering a cloud storage system.  The systems can remove such files and retard the activity of those that, in the most undesired event, may enter and become active.

Email attacks come from many directions or attack vectors.  The most common is a Phishing Attack.  Phishing occurs when a user is sent an email that is designed to lure the user into exposing their account credentials and, inevitably, their cloud identity.  The email will pose as legitimate correspondence with a sender display name that is familiar, for example, an administrator, a work colleague or even someone in HR or payroll.  While the sender display name may be familiar or trusted by the user, the email address of the sender most likely would not be, but this detail is often overlooked and ignored.  Most phishing attacks can be derailed if users inspect the sender email address of a message, looking for any unusual spelling or domain names.  Unfortunately, this procedure is not followed as often as it should be.  Within a well-designed phishing email there normally exists a company logo or some other trusted graphic symbol and a socially engineered statement such as, “Please login to the new payroll application and verify your bank information. If you do not do this within the next 24 hours, your next salary direct deposit will be delayed.”  Or it may include a statement similar to this, “You have won the monthly office prize.  Please sign in to claim your prize.”  If a user is untrained and unaware, they may click the provided link in the malicious email message and be directed to a deceptive yet authentic-looking sign-in portal, where they are prompted to enter their user account credentials.  If the user enters their account credentials, the portal can then display an error message stating that the credentials entered are invalid.  This is a false message: even if the right credentials are entered, the same message is displayed by design.  At this stage a user normally attempts to reenter their credentials several times.  While the user is entering their credentials, in the background the credentials they enter are being recorded and stored.  The account credential information is saved and later used to access the user account.  Attempts to access the user account may come within seconds or minutes after the user begins to enter their account credentials at the malicious portal.  If the user account is enabled with MFA, when the attacker enters the stolen credentials into an application used by the company for work, such as a mobile email application, cloud application or online sign-in portal, the user will receive the MFA challenge.  If the user approves the MFA challenge, the attacker gains full access to their user account and to the applications and data the account is authorized to access.  This often leads to data exposure and, depending on the access authorization level of the compromised user account, it could even be a substantial data breach.  However, if the user declines the MFA challenge, they block the attacker from signing in to their user account.  This situation still presents a very significant problem: a credential leak with respect to the user account.  To remediate the credential leak, the user should change their password immediately and reject all MFA challenges until the change is complete.  As a security practice, the user has to inform their system administrator immediately about the attack, preferably verbally over the phone.

Advanced attackers can take it even further and bypass the need for user credentials.  If an untrained user clicks on the link in a well-designed phishing email, the attackers can acquire the active user account session information or session cookies.  This would grant the account attackers immediate access to the compromised user account and authorized access to all applications and data, without the need for a username, password, or MFA verification.  Advanced CAS security features that include email phishing detection capabilities can identify risky messages with malicious links, and automatically reroute them to an email quarantine container or delete them permanently.  The CAS system can even detect unusual user account sign-in access activity such as Impossible Travel.  For example, if a user account's session information is stolen and an attacker initiates a sign-in sequence from another geographic location or country using the stolen session information, the CAS system can detect this activity and coordinate with the IAM system to initiate a security protocol that forcibly signs out the user from all work applications.  This would effectively render the stolen user session information useless as the IAM system would consider all the user account sessions to be invalid.  When a user successfully signs in again, the IAM system will then only validate new user account sessions.
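
Impossible Travel detection and the forced sign-out that follows it, as an added Python example that is not from the original article. The sign-in records, their coordinates, the session identifiers and the 900 km/h plausibility limit are constructed assumptions:

```python
import math
from datetime import datetime
from typing import Dict, List

# Constructed sign-in telemetry for this example (not real data): each record carries the
# session the IAM system issued and the geolocation of the client that signed in.
SIGNINS: List[Dict[str, object]] = [
    {"ts": "2022-10-10T09:00:00+00:00", "user": "jsmith", "session": "sess-1",
     "place": "New York", "lat": 40.7128, "lon": -74.0060},
    {"ts": "2022-10-10T12:00:00+00:00", "user": "jsmith", "session": "sess-2",
     "place": "Philadelphia", "lat": 39.9526, "lon": -75.1652},
    {"ts": "2022-10-10T14:00:00+00:00", "user": "jsmith", "session": "sess-3",
     "place": "London", "lat": 51.5074, "lon": -0.1278},
    {"ts": "2022-10-10T10:30:00+00:00", "user": "adoe", "session": "sess-9",
     "place": "Boston", "lat": 42.3601, "lon": -71.0589},
]

MAX_PLAUSIBLE_KMH = 900.0   # faster than an airliner: nobody travelled between the sign-ins


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres (mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.atan2(math.sqrt(a), math.sqrt(1 - a))


def implied_speed_kmh(earlier: Dict[str, object], later: Dict[str, object]) -> float:
    km = haversine_km(earlier["lat"], earlier["lon"], later["lat"], later["lon"])
    delta = datetime.fromisoformat(later["ts"]) - datetime.fromisoformat(earlier["ts"])
    hours = delta.total_seconds() / 3600
    if hours <= 0:                      # same instant (or clock skew): any distance is impossible
        return math.inf if km > 0 else 0.0
    return km / hours


def detect_impossible_travel(signins: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Compare each sign-in with the previous one for the same account and flag the later
    sign-in when the speed needed to get there is beyond what a human can do."""
    by_user: Dict[str, List[Dict[str, object]]] = {}
    for rec in sorted(signins, key=lambda r: r["ts"]):
        by_user.setdefault(rec["user"], []).append(rec)
    flagged = []
    for recs in by_user.values():
        for earlier, later in zip(recs, recs[1:]):
            speed = implied_speed_kmh(earlier, later)
            if speed > MAX_PLAUSIBLE_KMH:
                flagged.append({"user": later["user"], "session": later["session"],
                                "from": earlier["place"], "to": later["place"],
                                "speed_kmh": round(speed, 1)})
    return flagged


def invalidate_user_sessions(active: Dict[str, str], user: str) -> int:
    """Forced sign-out: drop every session of the account, not only the suspicious one,
    so stolen session information stops working everywhere. Returns the number removed."""
    doomed = [s for s, u in active.items() if u == user]
    for s in doomed:
        del active[s]
    return len(doomed)


if __name__ == "__main__":
    active = {r["session"]: r["user"] for r in SIGNINS}   # sessions the IAM system considers valid
    for hit in detect_impossible_travel(SIGNINS):
        print(hit)
        print("sessions invalidated:", invalidate_user_sessions(active, hit["user"]))
    print("still valid:", active)
```

The New York to Philadelphia pair is well within the limit and is left alone; the Philadelphia to London pair two hours later implies roughly 2,850 km/h and is flagged. Two sign-ins at the same instant from different places are treated as impossible rather than producing a division by zero, and the response invalidates every session of the account so that only sessions created by a fresh sign-in remain valid.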

For any Church with cloud operations, the use of CAS will undoubtedly enhance the security posture of the organization and protect its cloud applications and resources from multiple layers of Cyberattacks.


Endpoint Security

File and content-based attacks that aim to infect endpoint systems, local network storage and cloud file storage are either downloaded from a malicious website, sent as an attachment in an email, embedded in the email content itself or distributed via sharing on a cloud document storage platform.  Protecting endpoint systems such as servers, desktops, and mobile devices from exploits and attacks that use these delivery paths is at the forefront of Cybersecurity development.

Detecting and responding to these threats by removing malicious files and blocking harmful machine instructions from executing on endpoint systems is known as Endpoint Detection and Response or EDR.  An EDR system monitors and records activities and coordinates response actions on an endpoint by deploying an EDR sensor on the endpoint system.  EDR is one of the technologies that is used in collaboration with an Advanced Threat Protection or ATP platform.  An ATP platform or system provides an additional layer of security intelligence, event management and multilateral threat defense, as it facilitates enhanced communication, correlation, and coordination among other security components such as a Cloud Application Security (CAS) system and an Identity and Access Management (IAM) system.  It also introduces advanced threat model detection technology and in-the-cloud file detonation exploit analysis.  Advanced threat model detection can be used to identify suspicious file contents and file execution actions.  The model is derived from the properties of a wide scope of malicious activities that occur globally over time.  Overall, the advanced threat model is more accurate, refined, and sensitive to known and unknown Cyberattack variants.  The unknown variants are new viruses, exploits and vulnerabilities that may or may not be publicly known or classified.  They are referred to as Zero-Day attacks, exploits or vulnerabilities respectively.  The extremely wide range and volume of sample data that is used to create an advanced threat model enables the ATP system to more accurately calculate the probability of detecting infected files or harmful system activities observed on an endpoint.

For example, a new file is downloaded and is infected with a Zero-Day malware that cannot be detected by the EDR sensor.  As a precautionary procedure, the EDR sensor communicates to the EDR system the existence of the newly downloaded file and the current threat status of the file, which is neutral.  The EDR system then instructs the EDR sensor to coordinate with the ATP system and upload a copy of the file for deeper analysis.  The unique data composition or binary signature of the file is recorded by the ATP system, and it is compared to other binary signatures that are collectively stored within the advanced threat model.  If after the comparison the ATP system cannot decisively determine the threat status of the file, and the initial analysis is inconclusive, the ATP system will then initiate a file detonation exploit analysis or threat emulation process.  To execute the threat emulation process, the ATP system first creates a virtual machine in a highly secure and isolated environment.  The virtual machine is preloaded with a baseline operating system and the file is then copied into the virtual machine.  The file is then accessed or detonated inside the virtual machine.  As the file is detonated, the ATP system records the machine instructions and network activities that are executed by the file within the virtual machine.  If the instructions and activities are determined to be non-threatening, the file is then classified as non-malicious.  The ATP system will then delete both the virtual machine and the file and communicate the no-threat status of the file to the EDR sensor.  The file is then allowed to run or execute on the endpoint system.  However, if the instructions and activities detected by the ATP system when the file is detonated are determined to be harmful, then the file will be classified as malicious.  The ATP system will then delete the virtual machine and the file and communicate the active threat status of the file to the EDR sensor.  The EDR sensor will then prevent the file from being accessed, opened, or executed and place the file into quarantine, or delete it.

As the different security components work together with an ATP system in real time, they are able to detect attacks on different levels, at multiple locations and communicate threat intelligence information to each other.  The threat intelligence information that is shared can be used to deploy synchronized security countermeasures that can block multiple attacks targeting endpoints and cloud resources simultaneously.

For example, a pdf file is downloaded from a website onto a work desktop computer and the EDR sensor cannot determine the threat status of the file.  The EDR sensor then sends a copy of the file to the ATP system.  The ATP system concludes that the file is malicious and observes the self-replicating nature of the file.  The file is classified as a High Risk threat.  The ATP system then communicates with the EDR sensor, the EDR system, and the CAS system simultaneously.  The ATP system informs the EDR sensor that the file is malicious and sends the binary signature of the file and the risk status of the file to the EDR sensor, EDR system and CAS system.  The EDR sensor blocks the file from executing or being accessed by the user and initiates a full scan of the desktop operating system and local files.  The EDR system updates its own threat model and includes the binary signature of the infected file.  Infected files with the identical binary signature that are detected on other endpoint systems are blocked and deleted.  The CAS system scans the files within the work cloud document storage and automatically blocks access to any file containing the binary signature of the infected file and deletes it.  Additionally, because of the High Risk nature of the file, the CAS system coordinates with the IAM system to initiate a forced sign-out of all the users who accessed or stored the malicious file in their cloud document storage.
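
The signature-sharing step of this walkthrough, as an added Python example that is not part of the original article. The "binary signature" is simplified to a SHA-256 digest of the file; the folder layout and file contents are constructed (the bytes are harmless placeholders); and the scan stands in for what the EDR system and the CAS system each do with the signature they receive from the ATP system:

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Set

# Simplification for this example: the ATP system's "binary signature" is modelled as a
# SHA-256 digest of the file contents. The real threat model is far richer, but the
# sharing and matching flow is the same. BLOCKLIST stands in for the signatures the ATP
# system pushes to the EDR system and the CAS system.
BLOCKLIST: Set[str] = set()


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def share_signature(path: str) -> str:
    """ATP verdict: the file at `path` is malicious; publish its signature to the blocklist."""
    digest = sha256_file(path)
    BLOCKLIST.add(digest)
    return digest


def scan_and_quarantine(root: str, quarantine: str) -> List[str]:
    """Walk a store (desktop folder, file share or cloud document storage), move every file
    whose signature is on the blocklist into the quarantine folder, and return what moved."""
    os.makedirs(quarantine, exist_ok=True)
    moved = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            if digest in BLOCKLIST:
                shutil.move(path, os.path.join(quarantine, f"{digest[:12]}-{name}"))
                moved.append(os.path.relpath(path, root))
    return moved


def build_demo_store(base: str) -> str:
    """Constructed files for the walkthrough: two identical copies of one document and an
    unrelated file. The bytes are harmless placeholders, not real malware."""
    root = os.path.join(base, "share")
    os.makedirs(os.path.join(root, "downloads"))
    os.makedirs(os.path.join(root, "team", "archive"))
    sample = b"%PDF-1.4 constructed sample document for the example\n"
    with open(os.path.join(root, "downloads", "training-manual.pdf"), "wb") as f:
        f.write(sample)
    with open(os.path.join(root, "team", "archive", "manual-copy.pdf"), "wb") as f:
        f.write(sample)                       # same bytes, so the same signature
    with open(os.path.join(root, "team", "newsletter.docx"), "wb") as f:
        f.write(b"PK constructed unrelated file\n")
    return root


def run_demo() -> Dict[str, object]:
    base = tempfile.mkdtemp()
    try:
        root = build_demo_store(base)
        # The EDR sensor escalated downloads/training-manual.pdf and ATP judged it malicious.
        sig = share_signature(os.path.join(root, "downloads", "training-manual.pdf"))
        moved = scan_and_quarantine(root, os.path.join(base, "quarantine"))
        remaining = sorted(os.path.relpath(os.path.join(d, n), root)
                           for d, _, ns in os.walk(root) for n in ns)
        return {"signature": sig, "quarantined": moved, "remaining": remaining}
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

The copy under a different name in another folder is caught because matching is on content, not on file name, which is the point of sharing a signature rather than a path. Quarantine keeps the file for later investigation and is reversible if the verdict turns out to be wrong, which is why the example moves files rather than deleting them.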

When an infected file is downloaded onto a system that is not protected with modern EDR or ATP technology, it can execute commands and instructions that may take remote control of an endpoint system, spread the virus code to other files, and replicate itself to other systems and network drives.  Device remote control is one of the most intrusive and destructive forms of compromise that can affect a desktop, server, phone, tablet or even a cloud based virtual machine.  When a device becomes infected with a command-and-control virus, an unauthorized user gains the ability to administratively control every aspect of the device, including installing software and copying files and data to and from the device, from anywhere in the world.

Viruses that are not blocked on unprotected or inadequately shielded systems may result in the files and operating system of a computer or mobile device becoming maliciously encrypted, making the device unusable.  On a larger scale, it can render an entire organization inoperable if it is allowed to maliciously encrypt, lock or delete all the production files and data used by an organization.

Malware that is sent via email can achieve the same disastrous objectives of device command and control or malicious encryption.  It can also be used to acquire the active session information of a user account.  Email based intrusion attacks are the most common and the most easily spread, giving them the most devastating potential: they can affect devices, user accounts, local network resources and cloud environments that the compromised user account has access to.

Churches can substantially benefit from the use of ATP and EDR to solidify their digital defenses and to protect their endpoint systems and operations data.


Mobile Device Security

Protecting mobile devices in a modern work environment is crucial.  Organizations like Churches often overlook the need to protect phones and tablets and the data they contain, because of the assumption that, unlike desktops, servers, and cloud applications, they are not viable targets for attack.  Mobile devices and mobile data are some of the fastest growing Cyberattack targets today.  This is largely due to the practice of organizations relying on users to supply their own mobile devices and use them to access company work resources like emails and files.  This type of policy is known as a BYOD (Bring Your Own Device) policy.  By using this policy, an organization can save financial resources by avoiding the need to purchase mobile hardware for users.  It also presents a considerable security risk, because company data can be stored on a compromised user owned mobile device.  Additionally, access to company resources through mobile applications on a compromised mobile device can lead to user account compromise and data loss. 

To protect against attacks on user owned mobile devices, a cloud based mobile device management platform, or MDM platform, is used.  Within the MDM platform or system, user account, user group and device specific MDM policies can be created.  The user account MDM policies can install cloud driven Advanced Threat Protection (ATP) with Endpoint Detection and Response (EDR) software on devices owned by a specific user.  The installation is accomplished using one of several methods.  One method involves the user signing in to a special work portal mobile application.  The user is then presented with an onscreen display indicating that their work organization is requesting to manage their device.  The display also indicates the remote administrative capabilities that the organization will have over the device.  Once the user agrees that their device can be managed by the organization, they then have to tap the installation button, which allows the MDM software and policy to be installed.  After the installation process completes, the device is enabled with ATP security, including an EDR sensor, which detects and prevents threats found in network connections as well as in applications and files located on the mobile device. 

In many instances where users do not desire to have the mobile devices they own managed by their work organization, the organization can instead enforce a mobile application management policy, or MAM policy.  This MAM policy provides protection of the application data that belongs to the organization and is stored on a device owned by the user.  This is accomplished by encrypting the work data, including files and emails, on the user mobile device.  No other data on the device is affected by the MAM policy.  Additionally, the policy can enforce measures that restrict the flow of work data to other applications on the device. 

For example, if a user accesses a work document using a work application and attempts to copy information from the work document to a text application on their mobile phone, the MAM policy would block this activity.  This data flow restriction can also be enforced in the other direction, preventing the flow of data from other applications on the mobile phone to applications and data protected by the MAM policy.  Data encryption at rest and data flow restrictions between protected and unprotected applications and data can greatly reduce the risk of data exfiltration on mobile devices. 

In the unwanted event that a user mobile device is lost or stolen, both policies provide the capability of initiating a remote wipe.  A remote wipe is the process of executing a data erase command, from the cloud device management platform, that deletes the organization data on a mobile device.  If a mobile device is managed by the organization with an MDM policy, then the organization can either erase the data managed by the organization, or the entire device itself.  Erasing the entire device is a full wipe, which will delete all files, applications and even the device operating system.

If the data on a mobile device is managed by the organization with a MAM policy, then the organization can only erase the data that it manages or owns.
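The MDM and MAM behaviour described in the preceding paragraphs (work-to-personal data flow blocked in both directions, selective versus full remote wipe, and the MAM policy's inability to wipe the whole device), as an added toy model that is not code from the page or from any MDM vendor. The enrollment types, app names, device contents and the string results are constructed for the example.

```python
"""Toy model of MDM and MAM policy decisions: data flow between work and
personal apps, and the remote wipe scopes each enrollment type permits.
Enrollment names, apps and device contents are constructed assumptions."""
from dataclasses import dataclass, field
from enum import Enum


class Enrollment(Enum):
    MDM = "device managed"        # organization manages the whole device
    MAM = "application managed"   # organization manages only its app data
    NONE = "unmanaged"


@dataclass
class Device:
    owner: str
    enrollment: Enrollment
    work_apps: set                                     # apps covered by the policy
    work_data: dict = field(default_factory=dict)      # org-owned files and emails
    personal_data: dict = field(default_factory=dict)  # user's own data, untouched by MAM
    os_installed: bool = True


def allow_data_flow(device: Device, src_app: str, dst_app: str) -> bool:
    """Copy/share request from src_app to dst_app under the device's policy.

    Work -> personal and personal -> work transfers are blocked on any managed
    device; work -> work and personal -> personal transfers are allowed.
    """
    if device.enrollment is Enrollment.NONE:
        return True                   # nothing on this device is policy-protected
    src_work = src_app in device.work_apps
    dst_work = dst_app in device.work_apps
    return src_work == dst_work


def remote_wipe(device: Device, scope: str) -> str:
    """Issue a wipe from the cloud platform; scope is 'selective' or 'full'."""
    if device.enrollment is Enrollment.NONE:
        return "refused: device is not enrolled"
    if scope == "selective":
        device.work_data.clear()      # only organization data is erased
        return "selective wipe completed"
    if scope == "full":
        if device.enrollment is Enrollment.MAM:
            # MAM manages app data only; the platform has no authority over the device
            return "refused: MAM policy can only erase organization data"
        device.work_data.clear()
        device.personal_data.clear()
        device.os_installed = False   # full wipe removes files, apps and the OS
        return "full wipe completed"
    raise ValueError(f"unknown wipe scope: {scope}")


def make_byod_phone(enrollment: Enrollment) -> Device:
    """Constructed sample phone holding one work document and some personal notes."""
    return Device(owner="alice", enrollment=enrollment,
                  work_apps={"WorkDocs", "WorkMail"},
                  work_data={"budget.xlsx": "Q3 figures"},
                  personal_data={"notes.txt": "grocery list"})


def demo() -> dict:
    """Run the scenarios from the text against a MAM phone and an MDM phone."""
    mam_phone = make_byod_phone(Enrollment.MAM)
    mdm_phone = make_byod_phone(Enrollment.MDM)
    return {
        "mam_copy_to_notes": allow_data_flow(mam_phone, "WorkDocs", "Notes"),
        "mam_copy_to_workmail": allow_data_flow(mam_phone, "WorkDocs", "WorkMail"),
        "mam_paste_from_notes": allow_data_flow(mam_phone, "Notes", "WorkDocs"),
        "mam_full_wipe": remote_wipe(mam_phone, "full"),
        "mam_selective_wipe": remote_wipe(mam_phone, "selective"),
        "mam_personal_kept": mam_phone.personal_data == {"notes.txt": "grocery list"},
        "mdm_full_wipe": remote_wipe(mdm_phone, "full"),
        "mdm_os_removed": not mdm_phone.os_installed,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design choice worth noting is that the wipe scope is decided by the enrollment type, not by the administrator's request: a MAM-only enrollment cannot be escalated to a full wipe, which is exactly the guarantee a user gives up when they accept MDM management instead.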


Information Security

Information security is the definitive layer of any Cybersecurity strategy.  Most organizations, including Churches, do not utilize the features of Information Security technology, because they either do not see the need for it or are unaware of its extensive capabilities.  The lack of implementation may also be due to the limited range of data access permissions that are granted to operations personnel within the hierarchy of most small and mid-sized Churches.  If a Church organization desires to elevate the access requirements of sensitive files and data, thereby significantly increasing their compliance level, implementation of additional Information Security compliance policies can help to achieve that goal. 

These compliance policies include the ability to categorize or classify data according to the definitions of information regulatory standards.  These regulated sensitive data types include Personally Identifiable Information (PII), data covered by the Payment Card Industry Data Security Standard (PCI DSS), and data covered by the Health Insurance Portability and Accountability Act (HIPAA).  The compliance policies can also identify the individual sensitive datatypes that are grouped together to form an information regulatory standard.  These individual sensitive datatypes can include a social security number, bank account number or medical record number. 

The compliance policies are configured and managed by a Cloud Information Protection platform, or CIP platform.  The CIP platform or system natively scans all the data and files within the cloud environment and uses an on-premises scanner and sensors to discover files on local network storage drives.  Data classification labels can then be manually or automatically appended to files; appending a classification label to a file is a process known as sensitivity labeling.  A file label contains software code that is inserted into the file when it is discovered, and the label enables the file to be monitored and protected by the CIP system.  A file label is defined and created by the compliance policy and is used to indicate the compliance classification or type of sensitive data that is stored within a file.  The compliance policy can further define the access requirements for labeled files, and also the file level actions that are allowed on these files.

For example, a label of Highly Sensitive can be configured to tag files that contain social security numbers or HIPAA datatypes, and a label of Sensitive can be used to tag files that contain credit card numbers.  The Highly Sensitive labeled files can be configured to receive an additional layer of encryption that extends outside of the cloud network or local network.  In addition to this extra encryption, access rights can be applied to the labeled files.  The access rights can be configured to only allow specific user accounts, with the appropriate authorization, to access files with specific labels.  Another layer of security that may be applied restricts access to labeled files to managed devices only.  This type of restriction is enforced through device conditional access, which can restrict access to the Highly Sensitive labeled files to only devices managed by the organization.

When a user attempts to access a file with a Highly Sensitive label from a work laptop that is managed by a Church organization, the software code embedded in the file label signals to the CIP platform that an access request is made.  The embedded software code, or label software, then sends an interactive sign-in request to the IAM system and attempts to sign in the user with the cached user account session information on the laptop.  The IAM system then coordinates with the CIP system, which instructs the IAM system to require the user to fully verify their account credentials, pass the MFA challenge, and verify that the device from which the user is accessing the Highly Sensitive labeled file is managed by the organization.  The user is then presented with an onscreen sign-in portal window.  Once the user successfully verifies their account credentials and passes the MFA challenge, the IAM system communicates with the MDM system to verify whether the device is managed.  The MDM system verifies that the device is managed and sends the confirmation to the IAM system.  The IAM system then communicates to the CIP system that the user account requirements are successfully verified.  The CIP system then determines if the user account has sufficient privileges to access the file.  Once the user account access privileges are verified, the CIP system signals to the IAM system that the file access request is granted, and the IAM system allows the sign-in request.  When the sign-in request is allowed, the label software communicates with the CIP system to download and acquire the encryption keys needed to unlock and access the file.  The CIP system allows the encryption keys to be downloaded and the file is opened for the user to access.  The CIP system then begins to record the file level activities as the user interacts with the file.

However, if the user attempted to access the Highly Sensitive labeled file and failed to successfully verify any of the access requirements, an error message would be displayed in the onscreen sign-in portal window, and the file would remain locked and encrypted.
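The automatic side of sensitivity labeling, covering both the individual sensitive datatypes listed earlier (social security number, card number, medical record number) and the label mapping in the example above (SSN or HIPAA data gives Highly Sensitive, card numbers give Sensitive), as an added scanner that is not code from the page or from any CIP product. The detectors, the Luhn check, the "MRN-" medical record number format and the sample files are assumptions constructed for the example; the numbers in them are synthetic.

```python
"""Automatic sensitivity labeling: detect regulated datatypes in constructed
files and apply the page's example label mapping. The detectors, the MRN
format and the sample files are assumptions made for this illustration."""
import re
from typing import Optional

# Detectors for individual sensitive datatypes. The SSN pattern is the common
# 3-2-4 form with the invalid area/group/serial ranges excluded; the card
# pattern is 13-19 digits (spaces/dashes allowed) confirmed by a Luhn check;
# the medical record number format is a constructed 'MRN-' prefix.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
MRN_RE = re.compile(r"\bMRN-\d{6,8}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to weed out random digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def find_sensitive_types(text: str) -> set:
    """Return the set of sensitive datatypes present in one file's text."""
    found = set()
    if SSN_RE.search(text):
        found.add("ssn")
    if MRN_RE.search(text):
        found.add("medical_record_number")   # treated as a HIPAA datatype
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            found.add("credit_card")
            break
    return found


# The page's example mapping; the first (highest) matching label wins.
LABEL_RULES = [
    ("Highly Sensitive", {"ssn", "medical_record_number"}),
    ("Sensitive", {"credit_card"}),
]


def classify(text: str) -> Optional[str]:
    """Pick the sensitivity label for one file (None when nothing regulated is found)."""
    types = find_sensitive_types(text)
    for label, triggers in LABEL_RULES:
        if types & triggers:
            return label
    return None


def scan_store(files: dict) -> dict:
    """Scanner pass over a store: path -> label the CIP scanner would append."""
    return {path: classify(content) for path, content in files.items()}


# Constructed sample files; every identifier and number below is synthetic.
SAMPLE_FILES = {
    "hr/volunteer-form.txt": "Name: J. Doe  SSN: 123-45-6789  Role: usher",
    "finance/donations.csv": "date,amount,card\n2022-10-01,50.00,4111 1111 1111 1111",
    "care/visit-log.txt": "Hospital visit, patient MRN-00123456, room 4B",
    "comms/bulletin.txt": "Sunday service at 10:00, potluck to follow. Ref 1234-5678",
}


if __name__ == "__main__":
    for path, label in scan_store(SAMPLE_FILES).items():
        print(f"{path}: {label}")
```

The bulletin file is the case to watch: it contains digit runs with dashes, yet gets no label, because the detectors require the exact shapes (and, for cards, a valid checksum) rather than any string of digits. Keeping false positives down matters here, since a label later drives encryption and access restrictions on the file.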

File level activity controls can also be enforced to manage the flow of data to and from the protected labeled files, and also the user actions that are allowed on the file.  These file level activity controls include the copying of data to and from the file, the ability to edit the file, and even the option of printing the file, all of which can be controlled by the compliance policy. 
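The access decision for a labeled file as narrated above (credential check, MFA challenge, managed-device check against the MDM inventory, privilege check against the label's policy, then key release) together with the file level activity controls from the last paragraph, as an added evaluator that is not code from the page or from any IAM, MDM or CIP product. The policy table, managed device list, user names, file ids and the placeholder key strings are constructed for the example.

```python
"""Conditional access decision for a labeled file, with file level activity
controls. The policy table, device inventory, users and placeholder keys are
constructed assumptions, not any vendor's configuration."""
from dataclasses import dataclass
from typing import Optional

# Constructed compliance policy: per label, who may open files, whether a
# managed device is required, and which file level activities are allowed.
POLICY = {
    "Highly Sensitive": {"allowed_users": {"pastor", "treasurer"},
                         "managed_device_required": True,
                         "actions": {"edit"}},            # no copy, no print
    "Sensitive": {"allowed_users": {"pastor", "treasurer", "office"},
                  "managed_device_required": True,
                  "actions": {"edit", "print"}},          # copy still blocked
    "General": {"allowed_users": None,                    # any signed-in user
                "managed_device_required": False,
                "actions": {"copy", "edit", "print"}},
}

MANAGED_DEVICES = {"LAPTOP-CHURCH-01", "LAPTOP-CHURCH-02"}   # constructed MDM inventory
FILE_KEYS = {"doc-1": "placeholder-key-doc-1",              # placeholder keys held by CIP
             "doc-2": "placeholder-key-doc-2"}


@dataclass
class AccessRequest:
    user: str
    credentials_ok: bool   # result of the interactive sign-in at IAM
    mfa_passed: bool
    device_id: str
    file_id: str
    label: str


@dataclass
class Decision:
    granted: bool
    reason: str
    key: Optional[str] = None
    allowed_actions: frozenset = frozenset()


def evaluate(req: AccessRequest) -> Decision:
    """Walk the checks in the order the text describes; the first failure wins."""
    policy = POLICY[req.label]
    # IAM: full credential verification, then the MFA challenge.
    if not req.credentials_ok:
        return Decision(False, "credential verification failed")
    if not req.mfa_passed:
        return Decision(False, "MFA challenge failed")
    # IAM asks MDM whether the device is managed (device conditional access).
    if policy["managed_device_required"] and req.device_id not in MANAGED_DEVICES:
        return Decision(False, "device is not managed by the organization")
    # CIP: does this account hold sufficient privileges for the label?
    allowed = policy["allowed_users"]
    if allowed is not None and req.user not in allowed:
        return Decision(False, "insufficient privileges for label")
    # Every requirement met: release the key and the permitted activities.
    return Decision(True, "granted", FILE_KEYS[req.file_id], frozenset(policy["actions"]))


def action_allowed(decision: Decision, action: str) -> bool:
    """File level activity control, checked on each copy/edit/print attempt."""
    return decision.granted and action in decision.allowed_actions


def audit_line(req: AccessRequest, decision: Decision) -> str:
    """CIP records each access attempt; this log format is constructed."""
    state = "OPENED" if decision.granted else "DENIED"
    return (f"{state} file={req.file_id} label={req.label} user={req.user} "
            f"device={req.device_id} reason={decision.reason}")


if __name__ == "__main__":
    req = AccessRequest("treasurer", True, True, "LAPTOP-CHURCH-01", "doc-1", "Highly Sensitive")
    dec = evaluate(req)
    print(audit_line(req, dec), "| print allowed:", action_allowed(dec, "print"))
```

Two properties of this ordering are worth keeping when building the real policy: the key is never released on a partial pass (a denied request carries no key, matching the "file remains locked and encrypted" outcome), and the file level actions travel with the decision, so the same label that gated the open also decides whether the user may copy or print afterwards.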

With this level of data access management, Churches can implement a more granular level of control or governance over the access of sensitive data both locally and globally.


With these security technologies customized and precisely configured, Christian Churches can realize tremendous gains by effectively reducing the attack surface of their entire organization.  Whether it be a desktop, phone, virtual machine, or cloud application, executing the right strategy and enforcing the right security policies will, in effect, cover each sector of Church Operations with the appropriate level of protection.  Deployment of these security components will establish the foundations of Cyber Resilience for Ministry and Business Operations and elevate the Cybersecurity Readiness of the Church Organization from nonexistent to Passive, with the potential to attain the level of Progressive.