Security: The threat within is greater than you think
Published: 12 Jan 2005 13:40 GMT
A company’s biggest security threat isn't the sinister hacker trying to break into the corporate network, but employees and partners with easy access to company information.
Just ask Apple, which filed two lawsuits in December accusing insiders and partners of leaking proprietary information. In one case, Apple is suing two men it says distributed pre-release versions of Tiger, the next iteration of Mac OS X. In a separate action, it is suing unnamed individuals who leaked details about a forthcoming music device code-named Asteroid.
Apple is not the only company that's found sensitive internal information leaked to the public. Big names such as AOL, Microsoft and Cisco have also been victims. Research indicates that most security breaches are inside jobs. A recent Ponemon Institute survey of 163 Fortune 1000 companies found that roughly 70 percent of all reported security breaches were due to insiders.
"It's much more glamorous to think of the hacker who works for some large cybercrime ring," said Larry Ponemon, head of the think tank. "But in reality, those characters only make up a small percent of the problem."
For more than a decade, corporations have erected digital perimeters to keep outsiders off their networks. But now discontented, reckless and greedy employees, and disgruntled former workers, can all be bigger threats than the mysterious hacker. And as more companies outsource portions of their business, vital company information can easily fall into the wrong hands.
Securing information from the inside has been largely overlooked by many companies. But headline-grabbing incidents such as the one at Apple, along with new federal and state regulations for protecting private information, are causing many companies to rethink their security strategies from the inside out. As a result, a whole new class of products has sprung up aimed at keeping employees and other insiders from sending confidential information outside the company.
Developing new techniques
In addition to products that control who gets access to what information, a slew of new start-ups focus on securing digital content and watching where it goes.
Products in this category vary in their approach. Some focus solely on protecting intellectual property from being leaked, while others also perform forensics analysis, digital rights management and security policy management.
Some products from companies like Vontu and Vericept act as gateways in the network to track sensitive information that is being sent outside of the network. They monitor email, instant messages, FTP files and other electronic communications on corporate networks, sniffing for leaks of Social Security numbers and other sensitive information.
But gateways aren't perfect. They only prevent information from being electronically sent over the network. They do nothing to prevent people from downloading files or printing documents.
Jon Oltsik, senior analyst with Enterprise Strategy Group, says technology must also exist on PCs and other devices not only to monitor what data is traversing the network, but to establish and enforce policies regarding printing and downloading information onto disks or USB devices.
Companies such as Authentica and Liquid Machines sit on the client machine tracking and limiting how recipients handle certain information.
"There isn't one technology that will solve this problem," Oltsik said. "You really need to take a combination of approaches."
Previous
Did you find this article useful?
171 out of 367 people found this useful
- Share this article:
