IT 'Big Brothers' trying to keep internal users under control

Computerworld - When it comes to protecting his company's data, Tom Scocca doesn't mind that he might be seen as something of a Big Brother by internal end users.

Scocca, who is a global security consultant at a large company that supplies products to the semiconductor industry, thinks that threats from within businesses require as much attention from security managers as external threats do.

So in addition to the usual network perimeter defenses, Scocca has put monitoring tools on end-user PCs and internal networks to help guard against inadvertent or malicious data breaches.

"There is a bit of a Big Brother syndrome attached to it," he acknowledged. But IT managers need to get over their trepidation about being called snoops, added Scocca, who asked that his employer not be named.

"These tools are not there to spy on people," he said. Rather, they're designed to "make sure the things that keep the revenues rolling in aren't compromised."

The issue of rogue insiders surfaced in a high-profile way last month, when the U.S. Department of State disclosed that three contract workers with access to its systems had improperly viewed the passport records of presidential candidates Hillary Clinton, John McCain and Barack Obama. The activities of the contractors were detected by a security-monitoring system designed to alert administrators whenever flagged passport files are accessed.

But technologies that can keep a close eye on the activities of internal users have yet to be widely adopted. For example, Gartner Inc. analyst John Pescatore estimates that less than 30% of Fortune 5,000 companies have installed such tools.

The lack of active monitoring of end users is a big reason why some insiders have been able to pull off spectacular data heists without getting caught -- at least not right away.

A prime example is the case of Gary Min, a former research scientist at DuPont who in 2005 downloaded about 22,000 document abstracts containing confidential information about most of the company's major products. Min was caught only after he gave his notice; at that point, an internal investigation showed that he had accessed about 15 times more data than the next-highest user of DuPont's electronic document library.

In another prominent insider case, Certegy Check Services Inc. disclosed last summer that a database administrator had sold the personal and financial information of 8.5 million consumers to data brokers over a five-year period. The check-processing firm didn't nab the DBA until a retailer reported a link between check transactions and marketing solicitations that some of its customers had received.