Rogue One: A Star Wars Story is an international hit, grossing over 357 million worldwide in its first week and breaking the mold for the sci-fi space opera franchise. The untold story of the crack team of rebel commandos who steal the plans to the galaxy’s ultimate weapon—the Death Star—is being praised by audiences and critics alike for its innovative approach and its fearless direction.
After multiple viewings, once one has taken in the new characters, impressive score and the overall thrust of the plot, it’s possible to relax a bit and think about other interesting concepts in Rogue One. From the perspective of an MSP, it’s interesting to think of the loss of the Death Star plans as a major data loss event for the Empire—essentially, a large-scale organization with multiple (trillions?) endpoints—and how their in-house processes failed. If only they had had an MSP who could act as a galactic vCIO to provide up-to-date knowledge and expertise, the Empire might have withstood their security breach with their plans safeguarded and intact.
Let’s look at a few ways the Empire could have benefitted from an MSP.
Note: Before going any further, please note there are minor spoilers that follow.
Dependence on Physical Media
Data tapes? Really? Rogue One may have taken place “a long time ago in a galaxy far, far away,” but it’s hard to believe the Empire wouldn’t employ a cloud-based data architecture of any kind. All too often, major organizations even today still rely on physical media to store their backed-up data instead of moving to a cloud-based solution.
In essence, the Rebel Alliance hacked their way into the Empire’s data center. The real twist of the knife is that the Rebel Alliance’s operation would have been impossible if the Empire had been using a fully managed BDR solution that utilized offsite replication and data redundancy across multiple sites. In that case, once the attack on Scarif started, the Empire would have been able to delete the files at their Scarif data center, secure in the knowledge that they were backed up across numerous other sites. What’s more, the plans themselves could have been split across multiple sites, making it nearly impossible to ever steal the full plans.
Weak Encryption/No Encryption
Once the Rebel Alliance stole the plans, it took them absolutely no time to open and look through all the data they’d stolen. A proper security posture would call for data like this to be encrypted in strict compliance with regulatory standards. With encryption, the Alliance might have been stalled long enough for Darth Vader to retrieve the data, or might never have been able to read the plans at all.
After realizing there was no physical way off Scarif, the rebels opted for plan B—to wirelessly transmit the plans to the Rebel Fleet waiting for them above the planetary shield. They did this using the Empire’s own transmitter, which was easy enough to do because there were no firewalls of any kind in place. This lax security posture allowed Jyn Erso, Cassian Andor and K-2SO to effectively walk in and start using the Empire’s machinery for their own purposes.
Luke Skywalker said it clearly to the Emperor in Return of the Jedi: “Your overconfidence is your weakness.” And as with any CEO, the precedent set at the top pervades the entire organization. The Empire was overconfident in their physical media, physical security and in-house operations, with lax security controls and outdated best practices. They clearly did not have a recent assessment from an external firm, which would have been quick to point all of this out.
The Empire should have hired an MSP to operate as their vCIO, assess their overall posture on data backup, disaster recovery and security, and implement software and services to bring them into regulatory compliance.
After all, Darth Vader can only mitigate so many problems. Once data is gone, it’s already too late—and that’s a bitter reality that even the Force can’t change.
By Lily Teplow
By Brian Downey
By Dave LeClair