Thursday, October 6, 2011

Safeguard Enterprise Data during Employee Separation

There have been cases of data loss in which employees were involved during their transition to a new job. A report by “Bnet” shows that 45 percent of employees take data when they change jobs. One such case is that of a former HP employee who allegedly sent copies of IBM confidential documents to his Vice President at HP. Prior to joining HP, he was employed by IBM and had access to this information.

Before we drill down, let's analyze the reasons, which can be multiple:

  • Identity & Access Management (IAM) solution not correctly in place or not designed effectively. It is often observed that the enterprise doesn't develop correct boundaries for IAM. The most important concern of every CISO or CIO is optimization and efficiency of processes with minimal security incidents (as close to zero as possible). This often leads to comparison with peers on:

          -How are we doing as an organization?

          -What is the next step for building our secure environment using IAM infrastructure?

          -How to develop an IAM maturity model?

  • Data Loss Prevention system is missing or may not be developed correctly.
  • A vendor has not captured all the scenarios (happy & unhappy) while developing the system.
  • The vendor is not equipped with SME and domain expertise to understand Technology trends.
  • Periodic system and process review mechanism not in place.

Let's define the best-practice approach to avoid such scenarios in the enterprise:

  • Identity & Access Management (IAM) solution: develop strong enterprise processes. A separation process should be in place to handle the employee resignation scenario and remove access rights to critical systems during the employee's notice period. The HR system should be designed to provide user resignation information to the IDM system for de-provisioning of critical systems. However, the above process can be modified or realigned keeping the business objective in mind.
  • Enforce periodic system and process reviews.
  • The enterprise needs to align with vendors who understand the subject and can translate business processes keeping the domain and business objective in mind.
  • Missing Data Loss Prevention system: a proper implementation of DLP would have marked this data as sensitive and rated it highly critical. Common exit points for this type of data breach are corporate email, webmail, FTP, removable drives, and printing. At any of these exit points, DLP would have flagged this activity. Let's explore the effectiveness of DLP in the enterprise. There has been misleading information about DLP being able to identify 370-plus file formats. File type identification does not translate into content inspection. The technology can interpret and inspect the contents of roughly 180 file types. For DLP to do its job effectively, content inspection is important. Customers tend to get sold on the sheer number of 370, when in fact DLP is equipped to tear down the file on less than half of them.
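
The HR-to-IDM separation feed described in the first best practice above can be verified with a small reconciliation job that compares HR status against current entitlements. This is an added example, not part of the original post; the system names, field names, employee IDs and action labels are constructed assumptions.

```python
from datetime import date

# Constructed sample data: system names, field names and IDs are assumptions.
CRITICAL_SYSTEMS = {"source-control", "crm", "finance-erp"}

HR_FEED = [
    {"id": "E1001", "status": "resigned",
     "notice": date(2011, 9, 20), "last_day": date(2011, 10, 20)},
    {"id": "E1002", "status": "active", "notice": None, "last_day": None},
    {"id": "E1003", "status": "resigned",
     "notice": date(2011, 8, 1), "last_day": date(2011, 9, 1)},
]

IAM_ENTITLEMENTS = {
    "E1001": {"email", "crm", "source-control"},
    "E1002": {"email", "finance-erp"},
    "E1003": {"email", "crm"},
    "E1004": {"crm"},  # account with no HR record
}


def deprovisioning_actions(hr_feed, entitlements, today):
    """Compare HR separation status with IAM entitlements.

    Returns sorted (employee_id, action, systems) tuples for the IDM system.
    """
    hr_by_id = {rec["id"]: rec for rec in hr_feed}
    actions = []
    for emp_id, systems in entitlements.items():
        rec = hr_by_id.get(emp_id)
        if rec is None:
            # No HR record at all: orphaned account, needs manual review.
            actions.append((emp_id, "review_orphan", sorted(systems)))
        elif rec["status"] != "resigned":
            continue
        elif today > rec["last_day"]:
            # Past the last working day: no entitlement should remain.
            actions.append((emp_id, "revoke_all", sorted(systems)))
        elif today >= rec["notice"]:
            # Notice period: remove access to critical systems only.
            critical = sorted(systems & CRITICAL_SYSTEMS)
            if critical:
                actions.append((emp_id, "revoke_critical", critical))
    return sorted(actions)


if __name__ == "__main__":
    for action in deprovisioning_actions(HR_FEED, IAM_ENTITLEMENTS, date(2011, 10, 6)):
        print(action)
```

Run on a schedule, the same comparison also serves the periodic review point: any action still listed after the IDM system has processed the HR feed indicates a de-provisioning gap.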
