Monday, November 10, 2014

Are You the Weakest Link of Your Business? 5 Common Causes

Organizations scrambling to achieve high business growth often overlook the underlying processes that are the core of any business operation. A manual process for handling employee separation can lead to devastating consequences. Most organizations take almost a couple of weeks to complete the separation process, and at times it goes unnoticed for years.
"Are you the Weakest Link of your Business?"

There have been cases of data loss, where employees were part of such acts during the transition to a new job. A report by “Bnet” shows that 45 percent of employees take data when they change jobs. Such is the case with a former HP employee, who had allegedly sent copies of IBM confidential documents to his Vice President at HP. Prior to joining HP, he was employed by IBM and had access to this information.

For most organizations, the general causes of data breaches are:
  • The Identity & Access Management (IAM) solution is not correctly in place or is not designed effectively. Enterprises often fail to define correct boundaries for IAM. The most important question for every CISO or CIO is how to optimize processes and make them efficient while keeping security incidents to a minimum (as close to zero as possible). This often leads to comparison with peers on:
           -      How are we doing as an organization?
           -      What is the next step for building a secure environment using IAM infrastructure?
           -      How do we develop an IAM maturity model?
  • A Data Loss Prevention (DLP) system is missing or has not been developed correctly.
  • Data analytics is not mature enough to address the current security landscape with a proper escalation mechanism.
  • Testing is inadequate to capture all scenarios (happy and unhappy) while the system is being developed.
  • The vendor lacks the SMEs and domain expertise to understand technology trends, or the scalable enterprise visibility needed to provide intelligent threat analytics capability.
Best practices to raise enterprise maturity and overcome data breaches:
  • Establish a rapid incident detection and response framework, backed by relevant investment from the enterprise, and treat it as a continuous process improvement model.
  • Build flexible and powerful automation capabilities to gain speed, agility, and scalability.
    • Develop strong enterprise process automation using an Identity & Access Management (IAM) solution. A separation process should be in place to handle employee resignations and to remove access rights to critical systems during the employee's notice period.
    • Address the missing Data Loss Prevention system. A proper implementation of DLP would have marked this data as sensitive and rated it highly critical. Common exit points for this type of data breach are corporate email, webmail, FTP, removable drives, and printing. At any of these exit points, DLP would have flagged this activity. On the effectiveness of DLP in the enterprise: there has been misleading information about DLP being able to identify 370-plus file formats. File type identification does not translate into content inspection. This technology can interpret and inspect the contents of roughly 180 file types. For DLP to do its job effectively, content inspection is important. Customers tend to get sold on the sheer number of 370 when, in fact, DLP is equipped to tear down the file for fewer than half of them. Implement continuous enterprise data fingerprinting to minimize insider data breaches.
    • Integrate bidirectionally with existing security solutions such as SIEM, IAM, and DLP, and develop an intelligent threat big data analytics capability to give complete enterprise visibility.
  • Enforce periodic system and process reviews.
  • Align with vendors who understand the subject and can translate business processes while keeping the domain and business objectives in mind.
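
The separation-process practice above can be checked automatically by reconciling the HR leaver feed against IAM entitlements. The following is an added example, not code from the original post; the employee IDs, system names, dates and the `review_separations` helper are all constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration; IDs, systems and dates are assumptions.
HR_SEPARATIONS = {  # employee_id: (resignation_date, last_working_day)
    "e1001": (date(2014, 10, 1), date(2014, 10, 31)),
    "e1002": (date(2014, 11, 3), date(2014, 12, 3)),
}
CRITICAL_SYSTEMS = {"source-repo", "crm", "finance-erp"}
ENTITLEMENTS = [  # (employee_id, system, account_enabled), as exported from IAM
    ("e1001", "email", True),        # already left, mailbox still live
    ("e1001", "crm", False),         # correctly disabled
    ("e1002", "source-repo", True),  # serving notice, critical access retained
    ("e1002", "email", True),        # serving notice, non-critical: allowed
    ("e1003", "finance-erp", True),  # not separating: out of scope
]


def review_separations(separations, entitlements, critical, today):
    """Return sorted (employee, system, finding, days) tuples.

    ORPHANED: account still enabled after the last working day
              (days = days since departure).
    NOTICE_PERIOD_CRITICAL: critical-system access still enabled after
              resignation (days = days left until departure).
    """
    findings = []
    for emp, system, enabled in entitlements:
        if not enabled or emp not in separations:
            continue
        resigned, last_day = separations[emp]
        if today > last_day:
            findings.append((emp, system, "ORPHANED", (today - last_day).days))
        elif today >= resigned and system in critical:
            findings.append(
                (emp, system, "NOTICE_PERIOD_CRITICAL", (last_day - today).days)
            )
    return sorted(findings)


if __name__ == "__main__":
    for row in review_separations(
        HR_SEPARATIONS, ENTITLEMENTS, CRITICAL_SYSTEMS, date(2014, 11, 10)
    ):
        print(*row, sep="\t")
```

Run on a schedule, a check like this turns a separation that would otherwise go unnoticed into a dated finding that can be escalated.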