Bloomberg clamps down with data-access policies after scandal
The financial data and news company develops in-house access controls after controversy over journalists seeing client information
IDG News Service - Financial data and news company Bloomberg has developed in-house access controls and embraced several other technological fixes after it emerged last year that the company's journalists had routinely accessed data on how Wall Street clients were using the company's computer terminals.
Bloomberg on Thursday released a report outlining more than 65 technology and process changes the company has made based on August recommendations from outside advisers, including law firm Hogan Lovells and regulatory compliance firm Promontory Financial Group. The company has adopted, or is working to adopt, every recommendation from the outside auditors, Bloomberg CEO Daniel Doctoroff said in a letter accompanying the report.
"We have tapped the best technical minds at our company, including our R&D department, to build off some of our historic innovations like the use of biometric finger image authentication, and to perform a comprehensive analysis of our systems to identify deficiencies and recommend enhancements," Doctoroff wrote.
Bloomberg journalists were able to see information on how the company's terminals were used on Wall Street, including when customers had logged in and when they looked up data on equities, bonds or other broad categories, according to news reports from last May. Bloomberg client Goldman Sachs had raised concerns about a reporter's questions related to an employee's terminal use.
One of the goals of releasing the report is for Bloomberg to "reach out so that we can set more standards across the industry, so that others can learn from what we went through," said Paul Wood, Bloomberg's new chief risk and compliance officer.
The company has pumped up its access controls, by monitoring user activity logs and employing automated triggers to check on systems access, the report said. The access controls implemented by the company may be among the most sophisticated available and allow the company granular control over who has access to company data, based on employee roles, geography and other factors, Wood said.
The company integrated its access control systems with its personnel databases, allowing Bloomberg to track employees as they change positions, Doctoroff said in his letter.
Bloomberg, using access control systems developed in house, has tried to "transform the access to data," Wood said. Access control is a difficult challenge that many companies are still wrestling with, he said.
The company has long used fingerprints as part of the log-on process on its financial terminals, and that functionality helps Bloomberg monitor information access and "prevent an inflation of permissions" as employees change jobs within the company, said Steven Ross, Bloomberg's chief client data compliance officer.
The company has centralized its activity logs to review users' attempts to log in to unauthorized parts of its system, the company said in the report. It has scheduled periodic testing on the role-based access system, as Hogan Lovells recommended, and it has established a working group to search its software code for instances where passwords might be able to exceed role-based restrictions.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts