Data Risks Come From All Over

By  Stephanie Blanchard, Digital Editor — November 04, 2013

Edward Snowden was a contractor with Booz Allen Hamilton. Angry with the way information was collected by the NSA, the systems administrator decided to expose details about the program. Bradley Manning was a U.S. Army private and intelligence analyst who released confidential documents to Wikileaks. In July, Manning was found guilty of espionage. As of press time, Snowden was taking refuge in Russia.

Enterprises are concerned about privileged users causing the same type of data breaches in their own organizations, a concern which has increased over the last several years and skyrocketed upon publicity of the above mentioned cases. According to research conducted by Enterprise Strategy Group on behalf of Vormetric, 45% of Fortune 1000 companies have increased awareness specifically because of the Snowden incident. However, only 4% believe insider threats are much easier to detect/prevent today than they were in 2011, and 20% think it’s actually much more difficult.

Aware and Active
The next step after awareness is action. Out of those surveyed, 53% plan on increasing their security budgets in response to insider threats. The real question is: How can IT do their jobs while reducing exposure? Alan Kessler, CEO, Vormetric, offers three steps.

  • Agree what the sensitive data is. Sometimes there isn’t alignment within the organization. That’s a problem.
  • Understand where this data is. Organizations are often shocked to find sensitive information is spread across networks.
  • Protect that information. Blind the users from seeing such data unless they have a need to know.
A variety of solutions exist to do just that, Kessler noted. There’s encryption, or other approaches like data leak protection. Then there’s a data firewall that requires users or applications to pass a set of authentication rules before access is granted.

When CIOs are asked why aren’t they blinding data now? Wouldn’t that make you sleep better at night? The response tends to be: “There hasn’t been easy, transparent cost-effective method before.” Or, “Who else is doing it?”

While highly regulated industries will more aggressively pursue new security opportunities, other industries are less risk averse and rather weary of taking chance with new technology. They need to know it works.

The Cloud Problem
“As human beings we want to trust our own people,” Kessler said. “The trick is, I don’t know who is managing the cloud.”

As BYOD and mobile devices are now prevalent, more info is being stored centrally in the cloud. IT admins generally have access to all of it. But it’s not just the disgruntled employee putting the company at risk, but the authorized user who makes a mistake. And there are more authorized users than ever, from employees to contractors and any partners doing business with the company. Combine that with growing network traffic, sophisticated cyber-attacks and a lack of real-time monitoring, and an enterprise is completely exposed – and it’s unacceptable.

“The bad guys are getting in and compromising our credentials and ‘becoming us’,” Kessler said. And these cyber thieves go wherever the market is. Traditionally that has been PCs, but now the mobile market is ripe and pretty rich for hacking. “If the past repeats itself,” Kessler warned, protecting mobile devices will become imperative.

POST A COMMENT

comments powered by Disqus

RATE THIS CONTENT (5 Being the Best)

12345
Current rating: 3.8 (4 ratings)

MOST READ STORIES

topics

Must See


FEATURED REPORT

EKN Research: How Mobile is Driving Personalized Context and Engagement

Retailers and hospitality enterprises are well aware that mobile technologies must be driving consistently high standards of in-store or in-location customer engagement. These are key imperatives for customer relevance, financial gains, loyalty and brand advocacy. However, more often than not, such standards break-down in stores due to a wide variety of reasons. Download this benchmark report to understand how mobile is driving a more personalized engagement and key business pains, performance and capabilities related to in-store customer engagement.