An enterprise combines three pillars (people, process and technology solutions) to provide value-added services to customers while maintaining trust assurance.
Employees use a variety of devices in an enterprise, since IT companies are user-friendly and support mechanisms such as smartphones, wireless systems and personal laptops, which may or may not be aligned with IT security policy.
There have been cases of data loss in which employees deliberately took part. A report by Bnet shows that 45 percent of employees take data when they change jobs. Such is the case with a former HP employee, Atul Malhotra, who had allegedly sent copies of IBM confidential documents to his vice presidents at HP. Prior to joining HP, he was employed by IBM and had access to this information.
How can we stop data theft arising from malpractice?
There is an obvious need to minimize breaches of security, but this task goes beyond simply securing the technologies. Solutions have to be pragmatic and relevant to work processes they are going to protect, so there may be trade-offs. Users have to work with the solution and if usage is too complex or cumbersome it won't work.
This means that C-level management should take a more active role as security shifts from being technology-centric to business risk-centric. Security decisions should involve business-level discussions, and management is in a better position when it comes to determining the risks involved. And the biggest security risk may turn out to be a disgruntled employee.
How could this incident have been prevented?
Proper implementation of DLP (data loss prevention) would have marked this data as sensitive and rated it as highly critical. Common exit points for this type of data breach are corporate email, web mail, FTP, removable drives and printing. At any of these exit points, DLP would have flagged this activity. Periodically, the security policy should be reviewed and revised as part of the DLP solution.
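The marking-and-flagging logic described above can be sketched as follows. This is an added example, not code from the original post or from any DLP product; the channel names, the four-level rating scale, the `DlpPolicy` class and the sample documents are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Exit points named in the post (identifier spellings are assumed).
EXIT_POINTS = {"corporate_email", "web_mail", "ftp", "removable_drive", "print"}
# Hypothetical rating scale; the post only speaks of "sensitive" and "highly critical".
RATINGS = {"public": 0, "internal": 1, "sensitive": 2, "critical": 3}

def fingerprint(content: bytes) -> str:
    """SHA-256 over case- and whitespace-normalized text, so trivial
    reformatting of a marked document still produces the same fingerprint."""
    return hashlib.sha256(b" ".join(content.lower().split())).hexdigest()

@dataclass
class Event:
    user: str
    channel: str
    payload: bytes

class DlpPolicy:
    def __init__(self, flag_at: str = "sensitive"):
        self.threshold = RATINGS[flag_at]
        self.registry = {}  # fingerprint -> rating name

    def mark(self, content: bytes, rating: str) -> None:
        """Register a document as marked data with the given rating."""
        self.registry[fingerprint(content)] = rating

    def evaluate(self, event: Event) -> dict:
        """Flag marked data at or above the threshold leaving via an exit point."""
        rating = self.registry.get(fingerprint(event.payload), "public")
        flagged = event.channel in EXIT_POINTS and RATINGS[rating] >= self.threshold
        return {"user": event.user, "channel": event.channel,
                "rating": rating, "flagged": flagged}

# Constructed sample documents and events (not real data).
DOC = b"Project pricing model\nQ3 margins: CONFIDENTIAL"
MEMO = b"Cafeteria menu for Friday"

def run_demo() -> list:
    policy = DlpPolicy()
    policy.mark(DOC, "critical")
    events = [
        Event("alice", "web_mail", b"project pricing  model q3 margins: confidential"),
        Event("alice", "removable_drive", DOC),
        Event("bob", "print", MEMO),          # unmarked content, not flagged
        Event("carol", "file_server", DOC),   # internal channel, not an exit point
    ]
    return [policy.evaluate(e) for e in events]

if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Whole-document fingerprints only match complete copies; an excerpt or a screenshot of the same document would pass unflagged, which is one reason the policy and the set of marked data need the periodic review mentioned above.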