The classic science-fiction film trilogy provides valuable lessons for enterprise security teams on how to protect the network and sensitive corporate data.
Friday marks the 35-year anniversary of the release of Return of the Jedi, the final chapter of the original Star Wars trilogy. In the three-and-a-half decades since, people have been watching these films for several reasons: They're classic examples of storytelling, pitting the forces of good vs evil; their special effects changed the way movies were made; they launched the careers of Hollywood stars; and - let’s face it - Jedi Knights, the Force, Darth Vader, and lightsabers are all pretty darn cool.
Part of the lasting legacy and continued success of the Star Wars franchise is the mythical role of the Jedi. They were knights charged with keeping peace and order across the sprawling universe, which is no easy task. Talk about an enormous attack surface! And if you think today’s nation-state attacks are bad, just take a look at what Darth Vader and the Empire tried to do to the people and planets that stood in their way. A data breach may not be quite as catastrophic as the entire planet of Alderaan being blown up by the Death Star, but it can still have a big impact on your company.
Your IT security team probably does not have the luxury of Jedi mind tricks to convince hackers “This is not the data you’re looking for,” or the ability to harness the Force to prevent breaches. But that doesn’t mean it can’t learn a few valuable lessons from the events that took place a long time ago in a galaxy far, far away.
In this slideshow, we take a look at some interesting lessons that your IT and security teams can take away from the original Star Wars trilogy.
Reuven Harrison is CTO and Co-Founder of Tufin. He has more than 20 years of software development experience, holding two key senior developer positions at Check Point Software, as well as other key positions at Capsule Technologies and ECS. He received a Bachelor's degree in Mathematics and Philosophy from Tel Aviv University.
You’re only as strong as your weakest link
When you look at the Rebels’ successful attack on the Death Star, it’s clear they took a hacker’s mentality. They identified a single weak link/vulnerability – a 2-meter-wide thermal exhaust port leading directly to the reactor system – and took a creative approach to exploiting it. Hackers are doing the same thing to identify weaknesses across expanding attack surfaces.
The attack on the Death Star makes the case for network segmentation
Network segmentation is a best practice that lets the enterprise add layers of protection around sensitive data, isolating these assets from would-be hackers and unauthorized users. If the Empire had used an approach emphasizing network segmentation (or better yet, microsegmentation), the attack on that exhaust port would have been contained locally before spreading to the reactor. Essentially, their failure to deploy proper segmentation was the turning point on which the fate of the galaxy changed.
Learn from your mistakes or risk history repeating itself
For all of its sophistication, the Empire stunk at learning from mistakes. They built a second Death Star with the same flaw as the first, allowing the Rebels to exploit it in the same way a few years later, this time causing even greater destruction. Had the Empire’s systems learned from previous security breaches, they could have made it tougher for the Rebels to blow up the second one. In the security world, we see the same types of easily avoidable breaches – Amazon S3 bucket misconfigurations, for example – repeated over and over again.
DevOps is not necessarily the dark side
Much like IT security teams, the Jedi were responsible for maintaining order in the galaxy. Words like process and compliance are meaningful to them. Contrast that with the Dark Side – a group more interested in leveraging power to achieve results – and you can see a parallel with DevOps teams that may sacrifice order and security best practices at the altar of flexibility and fast time-to-market. When these forces battle, it leads to war and bloodshed. But when they come together (Darth Vader helping his son Luke topple the Emperor), a balance in the Force is achieved and the universe benefits. When IT/Security and DevOps come together, the enterprise benefits.
The importance of AI and machine learning
For all of the heroics we see from Luke, Leia and Han Solo, where would they be without the help of machine learning? Probably squashed in a trash compactor halfway through the first movie. The droids in Star Wars – machines that can adapt, learn and creatively solve problems on their own – are unsung heroes in the films, with R2-D2 and, to some extent, C-3PO constantly coming to the rescue of their human, alien and Wookiee counterparts. Security teams need to harness the power of AI and machine learning to supplement their team’s knowledge and capabilities.
When all else fails, listen to Yoda
Luke’s training sessions with Yoda were critical to his development as a Jedi, in large part because of the wisdom the 900+ year-old Jedi master accumulated over centuries of experience. There are dozens of lessons that security teams can learn from Yoda, including:
- “Do. Or do not. There is no try.” – When companies experience a data breach, the last thing that customers whose information has been accessed want to hear is excuses or rationale. Enterprises are responsible for protecting data; failures will result in severe consequences, no matter how hard you tried to prevent them.
- “Adventure. Excitement. A Jedi craves not these things.” – With Jedi, as with security teams, the preference is for peace and order over battle. The responsibility ultimately falls on the network security and IT decision-makers to arm themselves and the organization with the right set of tools to prevent attacks rather than fight against them.
- Luke: “I’m looking for someone.” Yoda: “Found someone, you have.” – Much of Yoda’s early advice was about not overlooking the obvious and focusing on what’s in front of you. Security teams need to make sure to do the same thing: securing their network as it is, which means eliminating simple misconfigurations right in front of their noses.