3/28/2007

Go to page: 1 2 

Printer Friendly Version

That mid-level executive who walks out of corporate headquarters with a flash key that holds reams of sensitive data doesn’t feel like a hacker. But when -- whoops -- he leaves it on the kitchen table, your firewall has been compromised.

And when it’s picked up by his teenage son, who inadvertently downloads it to his hard drive (where it’s sucked up by spyware and sold to operators in Eastern Europe) the affect is worse than many hack attacks.

The scenario may seem farfetched, but similar tales make headlines on a regular basis: the lost laptop, the accidental emailing of personal information. Vast storehouses of sensitive data are released due to employee carelessness (or employee malfeasance). Your expensive firewall is rendered worthless.

More and more, companies are coming to a sobering realization: their own staff represents a sprawling security threat. In a recent report, McAfee CTO Christopher Bolin summed it up: “Unfortunately, be it deliberate or accidental, the reality is that today’s workforce is posing a serious security threat to corporations, one with the potential to damage a company’s brand, reputation and even entire business.”

Tightening Your Internal Security

The difficulty of safeguarding against your own employees, of course, is that they are inside the firewall. There’s no way around giving at least some employees at least some access to confidential information.

More From Intranet Journal

Vista Security Tips: Yes, I Like the Prompts Ten Leading Open Source Innovators Top Ten Tips for Improving Your Intranet If you want to comment on these or any other articles you see on Intranet Journal, we'd like to hear from you in our IT Management Forum. Thanks for reading. - Tom Dunlap, Managing Editor. FREE IT Management Newsletters bITa Planet CIO Update Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Grid Computing Planet HTML E-Security Planet Text E-Security Planet HTML DRM Watch HTML

So what’s a company to do? To address that, Datamation spoke with McAfee executive Vimal Solanki, who noted that tightening up internal security involves two broad concepts: A) Defining security rules and policy (which includes defining exactly where your data resides – and where it shouldn’t reside), and B) Enforcing that policy.

Specifically, Solanki detailed these five points from McAfee’s report on improving internal security:

1) Develop, enforce, and ensure compliance of security policy

Step One is always developing a specifically defined security policy, and the McAfee report found that 84% of companies have done this (which makes you wonder about the remaining 16%).

A big part of this task is deciding who has access to what: the CEO obviously has total access to all documents, with access privileges tightening as you move down the hierarchy. Since even low-level employees need some sensitive data, the policy must define how – precisely, down to the night watchman – this information will be archived and distributed.

2) Safeguard data at every stage

A secure company looks at all channels of how data can leave the perimeter. The channels are divided into three areas, Solanki says: physical, network and application.