Vital Lessons from the OPM Hack

The Office of Personnel Management (OPM), responsible for keeping the records of civilian federal employees in the US, was hacked in April – but this was only recently revealed by the US government.

The whole thing was said to be simply due to social engineering and bad credential management with contractors – most of which can be combated by education and training.

You can read more about the hack here.

We thought it would be beneficial to briefly go over some vital lessons from the OPM hack, as they apply to many legacy enterprise file systems.

Auditing and Access Controls

Once the hackers were in the door (which was apparently a fairly easy process), they were free to run amok. Even worse, the OPM lacked the auditing and data management software needed to understand the scope of the security failure. Additionally, stealing files and sensitive data was easy given the lack of even basic file encryption.

Modern cloud solutions like Box employ numerous encryption techniques, comply with a number of government policies, and have expansive audit capabilities for IT security administrators. This includes detailed logs of where access is coming from and exactly who’s doing what once they’re in the system.

Legacy Systems Are, Well… Old

They’re also becoming more expensive. Finding people with expertise in legacy systems coded with older languages requires a great deal of financial incentive, as most of the people fluent in those methods are retiring.

OPM was using COBOL for most of their systems, which is a coding language that has been around since 1959 and isn’t getting more popular. For some perspective, here are the job prospects for people fluent in COBOL versus other languages:

[Chart: COBOL Job Prospects]

Newer solutions, whether cloud hosted by third parties or created by your IT team, have a plethora of resources online for adding extra security, like encryption libraries or open source projects like OWASP, dedicated to providing more hardened security tools.

Look To The Cloud

Perhaps it’s time for a modern change? Cloud software is hardened against attacks, and puts much less strain on IT security teams than home-baked legacy systems running antiquated code. Many solutions offer multi-factor authentication in case some user credentials are compromised, and offer web- and mobile-ready tools for keeping up with trends.

With Box securing files for the US Department of Justice and Amazon’s introduction of GovCloud, it’s becoming apparent that the cloud is the best option for enterprise file-sharing, collaboration, and large volume data storage – because even the government is doing it.

You should never take information security lightly – migrate off your legacy systems and into something more secure and cost effective today with Mover.
