Action Plan: Step up monitoring and shut down access as quickly as possible to make sure no intellectual property leaks out.
Security Manager's Journal: Massive layoff is a security issue
It's not easy knowing that 1,000 people will lose their jobs. And it's no picnic making sure that no IP is lost in the process.
Computerworld - It's been a rough week. Today, my company announced a 15% cut in its workforce, or about 1,000 employees.
Naturally, I knew this well before today. Layoffs are never easy, and it can be agonizing to come into contact with co-workers -- some of them friends -- and say nothing, despite knowing that they will lose their jobs in a few days. But as the security officer, I needed to be privy to the list ahead of time because I had to take steps to ensure continued security.
My first task was to identify any layoff candidates who represented single points of failure, meaning they were the only employees who could perform a particular critical job function. Single points of failure, human or otherwise, are a bad idea. But it happens, and it's better to recognize them in advance than to realize your mistake after they've left the company.
I was also expected to identify employees who could pose a danger to themselves, others or company resources. This isn't really something that involves information security, but the "security" label in my title has drawn me into some areas related to physical security.
Finally, I had to secure our intellectual property. While some employees were asked to stay for one to three months, many were told to leave immediately. Those employees' accounts had to be terminated as quickly as possible. For example, many of them were service technicians, and we couldn't risk letting any of them retain access to the network and our highly valuable service documentation.
Ahead of the notification, I briefed my security engineers about the pending action and had them pay more attention than usual to our intrusion-detection sensors. Currently, our sensors are positioned to watch traffic running from the Internet to our DMZ and the data center. I wanted to watch for denial-of-service attacks and attempts to gain unauthorized access to our critical systems. I also had some extra rules put in place for our data-leak prevention infrastructure to watch for all PDF files, source code and CAD documents leaving the company, since these three file types represent a large portion of our valuable intellectual property.
We've done this sort of thing before, but never on this scale, and it was a challenge to terminate hundreds of accounts in a very short period of time while minimizing the number of people who would know about the layoffs in advance.
Since we don't have a robust identity management tool, several interfaces must be used to remove access. The most important deactivation is the domain account, since many of our critical business systems are configured with single sign-on. Other systems, such as our SecureID servers, BlackBerry Enterprise Servers and remote access, couldn't be tackled ahead of time. And because we were laying off some network engineers, we had to remove access to resources such as routers, switches and telephony systems that are managed independently of the single sign-on environment, and we had to change all administrative passwords. Some of this was handled in advance by using scripts that kicked in after the notification was announced, but scripts don't always work as anticipated.
Notification day is drawing to a close, and so far we have seen a few sensitive documents being sent to Yahoo addresses -- events that I have started to investigate. Otherwise, everything has been quiet, with all the scripts and account terminations working well. My next task is to figure out how to do more with less, which I'll discuss in my next column.
Join in. To join in the discussions about security, go to computerworld.com/blogs/security.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!