You are here

You are here

Panama Papers expose Batman: 4 lessons for enterprise data security

Dustin Childs Sr Security Content Developer, Hewlett Packard Enterprise

With the publication of the Panama Papers, most reporters focused on shell companies and tax loopholes, but keen observers noted the biggest bombshell involves the revelation of Batman’s true identity—billionaire philanthropist Bruce Wayne.

“Over a year ago, an anonymous source contacted the Süddeutsche Zeitung (SZ) and submitted encrypted internal documents from Mossack Fonseca, a Panamanian law firm that sells anonymous offshore companies around the world. These shell companies enable their owners to cover up their business dealings, no matter how shady.” So begins the article titled “About the Panama Papers,” which can be found on an SZ website meant to allow public review of the shadowy activities of some of the world's wealthiest and most powerful individuals, from Russia to Gotham.

So it seems Mr. Wayne has leveraged his wealth from Wayne Enterprises through companies in Belize and Panama to fund his caped-crusading activities for some years now. Obviously, this is tongue-in-cheek humor. If Batman really is Bruce Wayne, then Superman must be some reporter working for the Daily Planet. It does, however, highlight the need to protect secrets. You may believe you don’t really have any secrets—especially not the secret identity type—but when you think about it, secrets are just data you don’t want others to access.

The Panama Papers are the latest in a series of exposures that should spur enterprises to re-evaluate how they protect themselves. While this may seem as daunting as cleaning up corruption in Gotham, there are four simple areas you should immediately review to determine your security posture.

1. Physical security: Lock your doors

Surely Batman must have a place, perhaps a cavern, where he parks the Batmobile. Clearly, he can’t just open the doors for reporters like Vicki Vale to walk around. Your assets also live inside a physical location that must be secured from outsiders. The first step in ensuring your data is protected in the virtual world is to lock the doors in the physical world.

2. Partner relations: Keep an eye on interactions

Even if your systems are secured, they may be undone by a partner’s flaws. When Commissioner Gordon turns on the Batsignal, everyone in Gotham can see it. That might not be a problem for the Dark Knight, but chances are you need communications with your partners to be secure. Auditing how partner interactions occur can reveal security gaps before the bad guys have a chance to exploit them.

3. Data encryption: Assume a breach is imminent

Considering how many people he has put there, Batman likely has extensive files on the inmates at Arkham Asylum. These files must be encrypted to ensure the information doesn’t fall into the wrong hands, both while the information is in the Batcomputer (data at rest) and when sent to the Justice League (data in transit). The data your enterprise relies on must also be adequately protected, even if it doesn’t include the blood type for Killer Croc.

4. Insider threats: Now behave!

Since the most insane supercriminals in the world haven’t defeated him yet, Batman’s true downfall may come from someone he trusts. While it’s well known that Bruce Wayne trusts his personal assistant, Batman can’t have someone like that hanging around. Similarly, your enterprise must be protected from those who already have access to it. Employing appropriate measures like network segmentation and access control lists help ensure you’ll never need to curse a sudden but inevitable betrayal. Not sure who you can trust? Get some help by using behavioral analytics to help spot the Jokers hiding in your midst.

Note to self: We do not live in caves

In some ways, the Panama Papers should be a wake-up call to enterprises looking to protect their assets. However, if Julian Assange, Chelsea Manning, and Edward Snowden haven’t already spurred them to action, perhaps we do need to turn to Bruce Wayne for inspiration. Much like fighting crime, security is a never-ending campaign against the forces of darkness. 

Keep learning

Read more articles about: SecurityData Security