
Insider threats thwarted in simple steps

By Mike Rothman
05 Jul 2007 | SearchCIO-Midmarket.com




Historically, security threats were thought to be from bad guys outside your network. That resulted in strengthening the perimeter of your network. Make sure the bad guys didn't get in, and life would be good.

IT managers at small and medium-sized businesses (SMBs) bought firewalls, virtual private networks (VPNs), intrusion prevention tools and, increasingly, antispam gateways to fortify perimeters. Now these capabilities are starting to show up in an integrated appliance commonly known as unified threat management (UTM).

And now it has become clear that the enemy might not only be "out there." Enemies may be stealing data from the inside, delivering your intellectual property to competitors or compromising private data for fraudulent purposes. So was born the insider threat.

Insiders have been involved in fraud since the beginning of time. They are in a trusted position and have access to sensitive data. They need that access in order to do their jobs, so shutting them down isn't really an option. The keyword, then, is control. We can't shut down access, but we need to control it.

Technology keeps moving forward, and within the last two years large enterprises have started to deploy technologies that control access to networks, as well as monitor content usage both at the network perimeter and on desktop computers. Both of these technologies will be available to SMBs, so you should understand how they work.

Network access control

Network access control (NAC) products ensure that only devices adhering to a corporate policy are allowed on the network, while monitoring what the devices are doing when they are on the network. You can enforce policies on the configuration of devices (antivirus, patch level, etc.), or on what they are allowed to reach. Thus, visitors can get to only the Internet, but someone on the executive team gets free rein when connecting in the office and restricted access at home.
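As an added illustration (not from the column or from any NAC product), the policy described above can be written as a small decision function. The "employee" role, the segment names, the 30-day patch threshold and the quarantine outcome for non-compliant devices are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed threshold; the column names the checks but gives no values.
MAX_PATCH_AGE_DAYS = 30

@dataclass
class Device:
    role: str               # "visitor", "employee" or "executive"
    location: str           # "office" or "remote"
    antivirus_running: bool
    patch_age_days: int     # days since the last patch was applied

def posture_failures(dev):
    """Return the configuration checks this device fails."""
    failures = []
    if not dev.antivirus_running:
        failures.append("antivirus not running")
    if dev.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append("patches older than %d days" % MAX_PATCH_AGE_DAYS)
    return failures

def access_decision(dev):
    """Map a connecting device to (network segment, reasons)."""
    # Visitors bring unmanaged machines: no posture check, Internet only.
    if dev.role == "visitor":
        return "internet-only", []
    # Fail closed on any role the policy does not know about.
    if dev.role not in ("employee", "executive"):
        return "deny", ["unknown role"]
    # Managed devices must pass the configuration checks first.
    failures = posture_failures(dev)
    if failures:
        return "quarantine", failures
    # A compliant device still gets less when it connects from home.
    if dev.location != "office":
        return "restricted", []
    return ("full" if dev.role == "executive" else "standard"), []

if __name__ == "__main__":
    # Constructed sample devices.
    for d in (Device("visitor", "office", False, 400),
              Device("executive", "office", True, 5),
              Device("executive", "remote", True, 5),
              Device("executive", "office", False, 45)):
        print(d.role, d.location, access_decision(d))
```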

If you have a lot of visitors and/or contractors who need access to your network, or you have mobile employees, NAC is worth a look. You want something as nonintrusive as possible (so you don't have to re-architect your network) and that doesn't require each desktop to have an agent for enforcement.

Over time, NAC will be embedded within the network devices that you know and love, like your routers and switches. But that will take a while, so if you have a need to control what connected devices do now, check out NAC.

Leak prevention

Leak prevention offerings currently target the large enterprise, but more products for SMB are appearing. In a nutshell, these products spider your network and figure out where your sensitive data is (it's in more places than you thought). They then employ gateways and endpoint clients (that run on your computers) to govern the use of that content.

The key to these products is the ability to enforce a consistent policy across your organization. You can turn off USB devices or monitor the content that is copied. You can scrutinize outbound emails or check out what folks are sending through their webmail and other applications. It's a tremendously flexible technology.

But with that flexibility comes complexity. That's why these offerings are more enterprise-focused right now. Over time, prebuilt policies and more portable technologies will make these offerings a requirement for all organizations.

In the meantime, you can provide similar protection by integrating a number of existing product sets that you may already have. Your email gateway can scrutinize email, and your Web-filtering device can control where users surf. You can also implement device control products that turn off your USB ports, so desktop leakage isn't an issue.

Every organization must take the insider threat seriously and start working on defenses, to make sure the one you know isn't the one that kills you.

Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at http://www.pragmaticcso.com, read Rothman's blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.


