Computerworld - During the five months when Gary Min was stealing $400 million worth of proprietary information from a DuPont database, he downloaded and accessed more than 15 times as many documents as the next most active user of the system. But he wasn’t caught until after he left the company for a rival firm.
Min pleaded guilty last November to misappropriating DuPont data and is scheduled to be sentenced on March 29. His case is only the latest to highlight a lack of internal controls at many companies for dealing with insider threats. In February, a cell development technologist at battery maker Duracell admitted to stealing research related to the company’s AA batteries, e-mailing the information to his home computer and then sending it to two Duracell rivals.
Dealing with such risks can be challenging, especially in large corporations, says Tom Bowers, former manager of information security operations for the global security division of Wyeth Pharmaceuticals Inc.
“I am not at all surprised” about what happened at DuPont, says Bowers, who is now managing director at Security Constructs LLC, a Fleetwood, Pa.-based consultancy. “When you have a huge multinational like that, your security department is never really going to fully have any realistic idea of where or how the information is flowing,” he says.
But there are ways to mitigate the risks and keep track of what’s going on inside the firewall. Experts suggest taking the following steps:
1 Get a handle on the data. It’s impossible to set controls for sensitive and proprietary information on your network if you don’t even know where that data is.
An organization’s sensitive data is widely distributed throughout its network, says Eric Ogren, an analyst at Enterprise Strategy Group Inc. in Milford, Mass. Important data resides not just in databases, but also in e-mail messages, on individual PCs and as data objects in Web portals. Sensitive information also comes in many forms, including credit card and Social Security numbers. And trade secrets can be found in many types of documents and files, such as customer contracts and agreements and product development specifications, Ogren says.
Implementing one set of controls for all data types can be inefficient and impractical. Instead, categorize data and choose the most appropriate set of controls for each data class. Tools that automatically scan company networks and identify where sensitive data resides are available from vendors such as Reconnex Inc., Tablus Inc. and Websense Inc., and such products are growing in number. Many of these tools can be used to separate data into different categories based on policies defined by a company.
Just what is cloud computing anyway? Skeptics might say it is nothing but industry hyperbole, visionaries might say it is the future of IT. In reality, both statements are true - cloud computing has been embellished by the tech industry but it does hold real potential for new types of on-demand dynamic IT services. This paper seeks to clarify the definition of cloud computing, identify how far along users are in terms of cloud deployment, and examine the role of the network in the cloud computing model.
This ESG paper outlines the considerations for architecting an efficient SAN data storage infrastructure with a focus on the NetApp solutions for increased utilization, improved performance and streamlined protection to reduce operational costs.
The menu of green initiatives is long, but how do you get an early win with a solid ROI? Enterprise Print Services address sustainability issues well beyond paper usage. Learn how you can get an assessment of enterprise printing to identify underutilized devices, reduce energy consumption, cut waste, and free-up valuable space.
Managed file transfer has evolved greatly from its earliest meaning of scheduled FTP to today's meaning of complete file governance, including visibility, enforcement,...
