Implicit Trust

There is a legal case going on in Seoul where it is alleged that an employee took Intellectual Property (IP) with him when he changed jobs and that IP (1,1882 files) has cost more than $1billion to the Korean economy. Wow - this is a pretty huge chunk of change. How did one employee get their hands on such valuable secrets - answer… it was part of his job.

From an IT perspective the technology is there to enable the right people to have the right access to the right information at the right time. Access control is in place and authentication and authorization does its job to keep the wrong people from seeing the information. However… this relies upon trust. There is implicit trust that the people with access to the information will do the right thing with it. Unfortuately, as this case proves this is not always the case. All information has a value - to somebody and so can be at risk. Many of the data-loss stories in the media concentrate on customer details, or personnnel records - but it is also IP that needs to be protected.

IP (and customer records) are often held in databases (structured data) as well as in files (unstructured) and so technology is required not just to look at the content but also at the behaviour of the employee to look for anomalous behaviour. Unusual access  patterns need to be investigated - new technology, such as Symantec’s Database Security protuct, does exist to help mitigate against this type of data loss.

Implicit trust is now, unfortunately, a thing of the past.

March 10, 2008 | Filed Under data-loss, security 

comments

Leave a Reply