ZDNet UK


How to stop your data leaking

Ruby Bayan

Published: 07 Sep 2004 13:35 BST


One of the most debilitating IT headaches strikes when confidential data leaks out of the company's network and trickles into the hands of malicious users. No matter how robust your technology is, or how intuitive your detection systems are, restricted data somehow manages to seep through the least guarded nooks and crannies of the enterprise.

Our experts said that the usual and most overlooked sources of data leakage are slapdash database privileges, plain ol' email, and slipshod security policies. Here are some recommended strategies and brand-name solutions.

Stop 'broad-brush' database privileges

According to Chris Johnson, senior manager of product management at BMC Software, misuse by "authorised but unethical" employees can lead to data leakage in the database environment.

Johnson provided three scenarios and recommendations for keeping data protected:

  1. Scenario: An end user has more database privileges than are really needed, because it can be difficult and/or time-consuming to give each person the exact permissions needed. This typically happens not with average users but with non-IT "super users". Senior personnel may be able to demand this kind of privilege.
    Recommendation: "For end users, there really is no excuse for using broad-brush privileges. If I were an IT director today (I have been one before), I would insist on a frequent review of who has what privileges and why. Companies need to decide if they are more interested in security or convenience... Security should win this race in nine out of 10 enterprises."
  2. Scenario: DBAs and network admins who need very powerful privileges to do their job. Although you may be able to limit this privilege to a very small number of people, there is always a DBA who could potentially look at all of your data, and a storage administrator who has copies of your database backups and so on. If an individual isn't trustworthy, there is no limit to potential leakage.
    Recommendation: "For privileged users like DBAs and sys admins, you can use the above approach to a point -- there is no reason to give DBAs access to every database in your enterprise, just the ones they personally work on. When I was an IT director, my policy was to have the 'primary' DBA for each system define and keep the user IDs and passwords private to themselves, but provide copies to me and the data center manager to keep in a 'lock box' in case the primary DBA isn't available. This is a low-tech way to prevent over-distribution of very powerful user IDs and passwords."
  3. Scenario: IT users who don't personally need powerful privileges, but by the nature of their job have the potential to use someone else's privileges. A typical case would be a lower-level data center operations employee who manages the production scheduling environment. Many scheduled jobs will include DBA or sys admin user IDs and passwords. This is a significant threat because a less experienced, possibly less trusted person has the potential to use all the privileges of a more experienced, more trusted person.
    Recommendation: "For both end users and privileged users, put controls in place that help honest people to stay honest. If you implement products that monitor who does what, and make sure everyone knows they are in use, you will discourage a lot of leakage."

Johnson added that identity and access management products such as BMC's CONTROL-SA make it much easier to administer and manage user access across the enterprise. BMC's Database Security Management by IPLocks helps companies keep complete records of who has what privileges and who has changed or queried what data. "[They're] great if you ever need to investigate the cause of a data theft or data integrity problem. And if you let people know this control is in place, it will discourage misbehaviour," Johnson said.
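
The review of "who has what privileges and why" from the first two recommendations can be automated along the following lines. This is an added example, not code from the article or from any BMC product; the grant records, the justification register, the DBA assignments and the privilege names treated as broad are all constructed assumptions.

```python
# Constructed sample data: (user, role, database, privilege) grant records,
# as they might be exported from a database's grant catalogue.
GRANTS = [
    ("asmith", "end_user", "sales", "SELECT"),
    ("vp_jones", "end_user", "sales", "ALL"),
    ("vp_jones", "end_user", "hr", "SELECT"),
    ("dba_lee", "dba", "sales", "ALL"),
    ("dba_lee", "dba", "hr", "ALL"),
]

# The "why": documented business reason per (user, database, privilege).
JUSTIFIED = {
    ("asmith", "sales", "SELECT"): "runs weekly sales report",
    ("vp_jones", "sales", "ALL"): "requested by VP",
}

# Databases each DBA personally works on (hypothetical assignment list).
DBA_ASSIGNMENTS = {"dba_lee": {"sales"}}

# Privilege names treated as broad-brush in this example (assumption).
BROAD = {"ALL", "DBA", "SUPERUSER"}


def review_grants(grants, justified, dba_assignments):
    """Return a sorted list of (user, database, privilege, finding)."""
    findings = []
    for user, role, db, priv in grants:
        if role == "dba":
            # DBAs need powerful privileges, but only on their own systems.
            if db not in dba_assignments.get(user, set()):
                findings.append((user, db, priv, "DBA not assigned to this database"))
            continue
        # End users: every grant needs a recorded reason...
        if (user, db, priv) not in justified:
            findings.append((user, db, priv, "no documented reason"))
        # ...and a broad grant is flagged even when someone signed it off.
        if priv in BROAD:
            findings.append((user, db, priv, "broad-brush privilege for end user"))
    return sorted(findings)


if __name__ == "__main__":
    for user, db, priv, finding in review_grants(GRANTS, JUSTIFIED, DBA_ASSIGNMENTS):
        print(f"{user:10} {db:6} {priv:7} {finding}")
```

Note that the senior user's justified `ALL` grant is still reported: a recorded reason answers "why", but the reviewer still has to decide whether convenience or security wins.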
