Action Plan: Step up monitoring and shut down access as quickly as possible to make sure no intellectual property leaks out.
Security Manager's Journal: Massive layoff is a security issue
It's not easy knowing that 1,000 people will lose their jobs. And it's no picnic making sure that no IP is lost in the process.
Computerworld - It's been a rough week. Today, my company announced a 15% cut in its workforce, or about 1,000 employees.
Naturally, I knew this well before today. Layoffs are never easy, and it can be agonizing to come into contact with co-workers -- some of them friends -- and say nothing, despite knowing that they will lose their jobs in a few days. But as the security officer, I needed to be privy to the list ahead of time because I had to take steps to ensure continued security.
My first task was to identify any layoff candidates who represented single points of failure, meaning they were the only employees who could perform a particular critical job function. Single points of failure, human or otherwise, are a bad idea. But it happens, and it's better to recognize them in advance than to realize your mistake after they've left the company.
I was also expected to identify employees who could pose a danger to themselves, others or company resources. This isn't really something that involves information security, but the "security" label in my title has drawn me into some areas related to physical security.
Finally, I had to secure our intellectual property. While some employees were asked to stay for one to three months, many were told to leave immediately. Those employees' accounts had to be terminated as quickly as possible. For example, many of them were service technicians, and we couldn't risk letting any of them retain access to the network and our highly valuable service documentation.
Ahead of the notification, I briefed my security engineers about the pending action and had them pay more attention than usual to our intrusion-detection sensors. Currently, our sensors are positioned to watch traffic running from the Internet to our DMZ and the data center. I wanted to watch for denial-of-service attacks and attempts to gain unauthorized access to our critical systems. I also had some extra rules put in place for our data-leak prevention infrastructure to watch for all PDF files, source code and CAD documents leaving the company, since these three file types represent a large portion of our valuable intellectual property.
We've done this sort of thing before, but never on this scale, and it was a challenge to terminate hundreds of accounts in a very short period of time while minimizing the number of people who would know about the layoffs in advance.
Since we don't have a robust identity management tool, several interfaces must be used to remove access. The most important deactivation is the domain account, since many of our critical business systems are configured with single sign-on. Other systems, such as our SecureID servers, BlackBerry Enterprise Servers and remote access, couldn't be tackled ahead of time. And because we were laying off some network engineers, we had to remove access to resources such as routers, switches and telephony systems that are managed independently of the single sign-on environment, and we had to change all administrative passwords. Some of this was handled in advance by using scripts that kicked in after the notification was announced, but scripts don't always work as anticipated.
Notification day is drawing to a close, and so far we have seen a few sensitive documents being sent to Yahoo addresses -- events that I have started to investigate. Otherwise, everything has been quiet, with all the scripts and account terminations working well. My next task is to figure out how to do more with less, which I'll discuss in my next column.
Join in. To join in the discussions about security, go to computerworld.com/blogs/security.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts