Linux has come a long way since its humble beginnings as Finnish student Linus Torvalds’ pet project. With over 27.8 million lines of code to its name and its rise as the OS of choice for servers, public cloud, and supercomputers, Linux has earned an unmistakable spot among the top operating systems in the world today. Not only that, but the world’s most popular mobile operating system, Android, also uses a Linux kernel.
In the workplace, Linux has long been developers’ go-to OS and has fared better in the technical rather than the business environment. However, with most organizations now requiring an IT department and digitalization efforts pushing them to often develop their own tools and applications to serve their particular needs, many company networks now include computers running on Linux.
Add to this its cost-effectiveness – it is, after all, free – and what is considered increased security with zero effort, and it shouldn’t come as a surprise that many organizations are turning to Linux and its many distributions, from Debian, Centos, and Ubuntu to Red Hat’s Rhel and Microsoft’s CBL-Mariner. But while its status as one of the world’s biggest open-source projects is undeniable, its rumored invulnerability is a misleading myth. Let’s look at what data security looks like on Linux and the often-exaggerated claims that accompany it.
1. Because it’s open-source, Linux is more secure
The number of contributors to Linux’s source code is staggering: over 15,000 developers from approximately 1,500 companies have contributed to it since 2005. The assumption is that, with so many developers working on the code, the chance of vulnerabilities and bugs being detected is high. However, because Linux is a community-based project and all developers can contribute to it, it does not mean they are security experts or aware of the latest security issues to look out for.
This essentially means that the Linux system, like all OS, is not foolproof. With its millions of lines of code and numerous Linux distros, developers are likely to overlook security holes as much as any other programmers working on better-known operating systems. Thus, dismissing security concerns simply because your employees are Linux users can be a dangerous misstep. Therefore, it is important that organizations put advanced security measures in place for Linux as well.
2.There are no Linux viruses and malware
Because of its relatively modest desktop market share, many believe Linux is free from the threat of viruses and malware that plague Windows and, to a lesser extent, Unix-based macOS. However, its popularity as an OS for web servers and supercomputers has drawn the attention of cybercriminals looking to do serious damage or deploy cryptocurrency miners on servers.
From the SpeakUp backdoor Trojan used to attack Chinese Linux servers earlier this year to the recurring plague of Mirai, there are enough threats to Linux security to call into question the myth of its invulnerability. Companies, therefore, need to ensure that their endpoints running Linux also have cybersecurity software such as antivirus solutions and firewalls installed and a clear plan of action in case of a cyberattack.
3. Linux makes data protection a breeze
Due to the reduced risk of cyberattacks and the limited number of hackers willing to waste their time breaking into a Linux-running computer, data on them is believed to be more secure and, therefore, easier to protect. The US National Security Agency (NSA) developed Security-Enhanced Linux (SELinux) also allows administrators to configure access controls and permissions for the applications, processes, and files on a Linux system. However, it does not protect data from employees who need access to sensitive data to perform their daily tasks.
As such, often when it comes to data protection, the main problem is not so much the relentless attacks of outsiders but the negligence of insiders that puts sensitive information at risk. A third of all data loss, in fact, occurs because of careless employees. Essentially this means that data is vulnerable because of computers’ own authorized users rather than the operating system they are running on.
Everything from accidentally sent emails and forgotten USB drives to information copy-pasted onto public forums or uploaded onto insecure third-party cloud services can happen whether someone is a Linux, macOS, or Windows user. For this reason, companies must not neglect data loss prevention measures and look for products that support their Linux distribution of choice.
Data security is no longer optional
Nowadays, companies are not only advised to protect their customers’ sensitive data but are increasingly required to do so by law. Everywhere, from the US and Japan to the EU and its notorious General Data Protection Regulation (GDPR), organizations face fines at every corner if they are found to be negligent in taking the necessary measures to protect sensitive information.
Companies choosing Linux must therefore be aware that, despite the myths that paint Linux as an invulnerable operating system, it is, like all software, subject to vulnerabilities that can be exploited by outsiders and, more worryingly, can easily fall victim to the biggest threat to data security of all: plain human error.
Looking for a Data Loss Prevention solution? Check our DLP for Linux.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.