Whitepaper:
How to address the technological and organizational challenges in detecting malware?
Malware has become so pervasive and so destructive that even actions as trivial as booting up your computer or opening an e-mail are a cybersecurity risk. At a time when 92% of the western world’s data is stored in the US[1] through Cloud services, not only state security is at stake, but companies and individuals are also exposed to increasing financial, legal, privacy and intellectual property risks.
Cybersecurity depends significantly on the extent to which one has control over one’s own data and the systems that process them, and therefore raises the issue of digital sovereignty. Dealt with at the European level, this is far from being a protectionist posture; it simply requires that a State or a company not be dependent on another State, or on a company subject to the laws of another State, for the storage, capture, protection or use of its data.
Organizations often use a trusted third party to manage their data and information systems in the Cloud. The service provider supplies SaaS and storage space in data centers, most of which are located abroad.
While the service provider is responsible for ensuring data security, the laws and regulations of the country in which it is located apply. In some cases, the country where the data center is located may legally have access to the data (for example, under the Cloud Act in the United States).
For example, if you are using one of the well-known antivirus products, your data might be stored in a data center in the United States, China or Russia. In those countries, rules and regulations regarding transparency, personal data protection and confidentiality do not necessarily comply with European regulations.
In March 2021 in a joint letter, former German Chancellor Angela Merkel, Danish Prime Minister Mette Frederiksen, Estonian Prime Minister Kaja Kallas and Finnish Prime Minister Sanna Marin agreed that it is “time for Europe to achieve digital sovereignty”[2].
In France, in the wake of the pandemic, the government has tackled the problem by adding a cybersecurity component to its Plan France Relance, which supports and finances public administrations in their efforts to improve cybersecurity.
The GDPR (General Data Protection Regulation), enacted in 2016, is an example of European digital sovereignty. Under this regulation, an organization, no matter where it is located, must comply with the GDPR from the moment it wishes to conduct business with European consumers. A fine of nearly €20 million or up to 4% of global turnover awaits companies that do not comply with GDPR obligations.
“Abroad” is a broad term and it is impossible to completely isolate solutions that circulate on the Internet. This means that before choosing an endpoint security solution, a company should try to check as many technical and legal aspects as possible in order to assess potential risks.
Cloud-based endpoint protection software has the advantage of not cluttering the users’ computers because a good part of the solution is delocalized to a cloud-based server. Instead of analyzing the events happening on your computer locally, every time you browse a URL, open a file, execute a program, etc., some information is sent to a cloud-based server to be scanned for malware. One of the main advantages of this solution, besides processing speed, is that the software is updated centrally for all users. In addition, the system can monitor all the activity in your organization and detect suspicious behavior, such as a file being opened simultaneously on a large number of computers.
However, the problem with this type of solution is that you are sending your data to a third party in the cloud, which may be located where data protection regulations are different and present a risk of data being wrongfully used.
To mitigate the problem, some products choose not to send the file contents to their server in the Cloud and send only metadata (data that describes the file), such as file name, size, file type, name of author, date of creation and a fingerprint of the content. This approach does not fully address the potential problem, as it still leaks sensitive information about the organization. Therefore, the only way to ensure that data is fully protected is to ensure that it will be hosted in a country with strong regulations, such as those of the EU countries. Questioning where your detection is happening is the best way to ensure your data is safe.
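The following is an added example, not code from the original page or from any vendor. It builds a metadata-only record with the fields listed above and shows why it still discloses information: the descriptive fields carry names, and even the fingerprint alone lets anyone who holds the same file confirm that the organization has it. The field names and the sample file are assumptions.

```python
import hashlib
import os
import tempfile
import time


def sha256_of(path):
    """Content fingerprint, computed locally in 64 KiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_lookup_record(path, author=None):
    """Metadata-only record; field names are assumptions, not a vendor schema."""
    st = os.stat(path)
    return {
        "file_name": os.path.basename(path),
        "size": st.st_size,
        "file_type": os.path.splitext(path)[1].lstrip(".").lower(),
        "author": author,
        # st_mtime stands in for the creation date, which is not portable.
        "created": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
        "sha256": sha256_of(path),
    }


def minimize(record):
    """Strip descriptive fields, keeping only what a hash lookup needs."""
    return {"sha256": record["sha256"]}


def recipient_can_confirm(record, known_copy: bytes):
    """True if a party holding the same bytes can match them to the record."""
    return hashlib.sha256(known_copy).hexdigest() == record["sha256"]


if __name__ == "__main__":
    body = b"Draft term sheet, constructed sample\n"  # made-up contents
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acquisition-termsheet-draft.docx")
        with open(path, "wb") as fh:
            fh.write(body)
        full = build_lookup_record(path, author="j.doe")
    print(full)
    print(minimize(full), recipient_can_confirm(minimize(full), body))
```

Running the same function over a sample of real endpoints before deployment gives a concrete list of what a metadata-only product would transmit, which can then be reviewed against the hosting location.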
The issue of digital sovereignty is being addressed by concrete decisions in France and in Europe to develop sovereign cloud solutions and encourage European companies to prefer local solutions, especially when these companies use data that is considered sensitive.
Sovereignty is not only about data. It is also about being able to trust the vendor of your cybersecurity solution. The war in Ukraine has made the digital sovereignty issue more obvious, because many countries suddenly started imposing restrictions based on the software’s origin (especially for defense issues). For example, software developed in Russia presents a risk that the government may force the vendor to introduce a change in the code that would allow a cyber-attack. Likewise, the Russian government mandated restrictions on the use of software developed by foreign companies.
To complicate matters further, all modern technology, and especially software, has complex and sometimes opaque supply chains in which a vendor’s product may rely on third-party software components, which use sub-components from other vendors and so on, creating a chain of dependencies with several levels of depth. So, it’s not just about data, it’s about transparency, control and visibility into what’s going on with the software or the technology used to process the data. Opting for a French or European provider implies compliance with local laws, which offers an additional guarantee.
QFlow is a sovereign, cloud-ready platform that enables SOCs, CERTs and security service providers to customize, optimize and unify their defense against malware, and that provides transparency on the different tools and technologies that are part of the solution.
Request a demo to learn more about QFlow.
[1] https://www.weforum.org/agenda/2021/03/europe-digital-sovereignty/
[2] https://www.politico.eu/wp-content/uploads/2021/03/01/DE-DK-FI-EE-Letter-to-COM-President-on-Digital-Sovereignty_final.pdf