Internal threat prevention

May/Jun Edition, 2007: Budgets have been slashed and you’ve been told to downsize. An eerie silence falls over the organisation as corridor chatter becomes whispers. Distrust sets in and you suspect anger and retribution will soon follow. The question is: where are your information assets and how are they protected?

Let’s face it, being swept aside during a major downsize is a horrible thing for anyone to go through. The problem for the organisation is that some of those people might also be in technical positions, say IT administrators, who are supporting end users and managing backups. They know the business systems intimately and, depending on their access rights, might have a backdoor to the corporate crown jewels: HR, financial or customer information held on databases.

You would think, as many senior managers do, that because a logon is required to access the CRM, ERP or other systems, access is controlled and information is protected. But is this really the case? Many people do not know just how easy it is for IT staff to access raw data in databases.

A 2005 study conducted by the U.S. Secret Service National Threat Assessment Center and the Carnegie Mellon Software Engineering Institute’s CERT program looked at 50 cases of insider sabotage carried out between 1996 and 2002. It found that the great majority of insiders engaged in sabotage (86%) were employed in technical positions.

SQL Tools MD, Tony Finnemore, APAC distributor for idera, says, “It is very easy for Sales Managers and other privileged users given direct database access to strip all client information into a spreadsheet for their next job.” The costs are obvious: brand damage, loss of confidence, cost of cleanup, liability for fraudulent transactions and non-compliance with PKI standards or possibly Sarbanes-Oxley regulations.

But this is just the tip of the iceberg. If and when a data breach occurs, how are you supposed to prove it occurred? Other threats are unauthorised price changes to a website database, access to HR systems, payroll system changes and unknown users being given special access as a member of an Active Directory group.

According to Finnmore, the best way to protect this information is by securing the SQL Server, which is commonly used in payroll, HR, CRM, accounting, support, web site back ends, SharePoint, and repositories for other security products like email and network monitoring archiving. “All of these offer limited management/monitoring of security and access to data,” says Finnmore.

The three solutions Finnmore has proposed to customers facing these concerns are idera’s SQLsecure, SQL Compliance Manager and SQLsafe.

To monitor activity, SQL Compliance Manager allows alerts to be set up for security changes and unusual activity, such as selects on customers from home VPN logons out of hours.
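The kind of alert rule described above can be sketched in a few lines. This is an added example, not code from the article or from idera's products; the pipe-delimited audit format, the VPN address pool, the business hours and the sample events are all constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Assumptions for illustration only (none of these values come from the article).
VPN_POOL = ipaddress.ip_network("10.8.0.0/16")   # addresses handed to home VPN users
BUSINESS_HOURS = range(8, 18)                    # 08:00-17:59, Monday to Friday
SENSITIVE_TABLES = {"customers"}

# Constructed audit events: time|login|client address|action|object
SAMPLE_EVENTS = """\
2007-05-14T10:12:03|CORP\\asmith|192.168.1.20|SELECT|dbo.Customers
2007-05-14T23:41:17|CORP\\asmith|10.8.3.44|SELECT|[dbo].[Customers]
2007-05-19T14:05:50|CORP\\bjones|10.8.7.9|SELECT|Sales.dbo.Customers
2007-05-15T02:30:00|CORP\\svc_backup|192.168.1.5|SELECT|dbo.Customers
2007-05-15T22:10:09|CORP\\bjones|10.8.7.9|SELECT|dbo.Products
2007-05-16T09:00:00|CORP\\cwu|10.8.1.2|SELECT|dbo.Customers
"""

def parse_event(line):
    """Split one audit line; raises ValueError if any field is malformed."""
    ts, login, addr, action, obj = line.strip().split("|")
    # Normalise [dbo].[Customers] / Sales.dbo.Customers to the bare table name.
    table = obj.replace("[", "").replace("]", "").split(".")[-1].lower()
    return {"time": datetime.fromisoformat(ts), "login": login,
            "addr": ipaddress.ip_address(addr), "action": action.upper(),
            "table": table}

def out_of_hours(when):
    """True on weekends or outside the assumed business hours."""
    return when.weekday() >= 5 or when.hour not in BUSINESS_HOURS

def is_suspicious(ev):
    """SELECT on a sensitive table, from the VPN pool, out of hours."""
    return (ev["action"] == "SELECT" and ev["table"] in SENSITIVE_TABLES
            and ev["addr"] in VPN_POOL and out_of_hours(ev["time"]))

def find_alerts(text):
    """Return (alerts, skipped); unparseable lines are counted, not hidden."""
    alerts, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            ev = parse_event(line)
        except ValueError:
            skipped += 1
            continue
        if is_suspicious(ev):
            alerts.append(ev)
    return alerts, skipped

if __name__ == "__main__":
    for ev in find_alerts(SAMPLE_EVENTS)[0]:
        print(f"ALERT {ev['time']} {ev['login']} from {ev['addr']}")
```

Counting unparseable lines separately matters in practice: a rule that silently drops records it cannot read leaves a gap in exactly the audit trail needed to prove a breach occurred.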

Finnmore says, “Active Directory has added to the complexity of analysing who has access to what on SQL Server. We have had a finance client using SQLsecure in a trial discover an Active Directory group used by an external outsourcer that had open access to confidential data.”

SQLsafe secures the backup process. Besides encrypting the backup files for transmission to external DR centres or storage, SQLsafe’s high compression helps minimise the cost of maintaining business continuity processes.
