Adam Gartenberg's Blog

Business Analytics and Optimization, IBM and Social Marketing

Protecting Data from Abuse by Insiders


I had a chance to sit down yesterday with a number of people responsible for creating (or deploying) IBM's Data Security solutions, arranged as part of the blogging program.

I have to admit that our security offerings were not an area that I had delved too deeply into, and our discussion really opened my eyes as to just how narrow a view I'd had.

For example, while stolen laptops or USB drives might make the news, 92% of breaches come from database servers. And while companies have invested over the past decade in hardening firewalls to try to prevent intrusion, they are still very exposed to other threats, such as those coming from insiders.

While this was something I hadn't really thought too deeply on before, insiders represent a very large percentage of the threat to data security (and often external threats can come from stolen credentials to the system, at which point they're masquerading as an insider).

Regarding insiders, the current state of affairs is not a pretty one:

  • 3 in 4 organizations can't prevent privileged users from reading or tampering with data in their databases
  • 2 of 3 can't detect or prove that it's going on
  • Only 1 of 4 use automated tools to monitor databases for security on a regular basis

Supporting the point that most people are focusing on the wrong things is data from a recent Forrester survey of 305 IT decision makers, which found:

  • 2/3 of the value of the corporate information portfolio resides in non-regulated data (secrets)
  • Average damage caused by a rogue IT administrator = $482k
  • Average cost of accidental leakage = $12k (e.g., someone e-mailing info they shouldn't)

What can a company do about it?  

They can put in place solutions that protect against inappropriate use: removing system access for users who demonstrate suspicious behavior, blocking users (and even admins) from data in tables they don't need to access, and redacting data to hide sensitive fields from view. (InfoSphere Guardium solutions can do all of this.) Extending further, IBM's Optim solutions can help remove another potential source of abuse by ensuring that data in test systems does not contain any sensitive personal information.

Sadly, it often takes a breach or a failed audit before a company pays attention to data security. Interestingly, the team pointed out that in addition to providing data security, InfoSphere Guardium can help companies compile the information needed to pass audits (which can provide substantial ROI, because DBAs don't have to spend time looking at logs or the time and money required to prep for the audit).

As I said, it was a very informative and eye-opening discussion, and I appreciate the time of the security team in meeting with us.