What can organisations do to combat the insider threat? writes Amichai Shulman, CTO and co-founder of Imperva.
SailPoint has recently released their survey results regarding employee behavior with respect to corporate data. An interesting figure indicates that 24 per cent of the surveyed Brits mentioned they would copy electronic data and files to take with them when they leave a company.
This figure should certainly raise concern, and it comes as no surprise. In fact, a similar survey conducted by Imperva, covering 1000 individuals in London, demonstrated how severe this problem really is. That survey showed that 79% of the respondents said that either their organization does not have data removal policies (upon employee departure), or they were unaware of such a policy. Furthermore, the vast majority (85%) store corporate data on home computers or personal mobile devices.
This is an immediate consequence of the trend called "Consumerisation of IT". What we are witnessing is a phenomenon where the employees themselves are the ones who are introducing their preferred technologies to the enterprise. Today's employees are tech-savvy and they want their employers to accommodate all these new technologies and devices. Workers are using social networks as an online collaboration tool.
Others are using their personal devices to access the company's web mail. In fact, according to a Unisys survey – referring to 2010 data – 95 per cent of workers use self-purchased technology for work. Moreover, employers don't even seem to be aware of how their employees are integrating their own devices into their jobs: in that same Unisys survey, workers reported using consumer devices at twice the rate that their employers had reported.
The proliferation of mobile devices has further lent itself towards the "Consumerisation of IT". SailPoint's survey indicates that 29 per cent of British employees use mobile devices to access the company's private Intranet or portals. The Unisys "Consumerisation of IT" survey from 2010 shows even higher adoption rates among US employees. In recent years we have seen a growing variety of mobile applications that are a gateway to enterprise systems, including CRM, ERP, and document management. On top of this, the devices are consistently growing in terms of storage capacity and web technology adoption. Apple's iPhone comes with up to 32GB of internal storage, while its bigger sibling iPad can accommodate up to 64GB of memory. (For context, one million records holding names, addresses, and social security numbers will occupy approximately 0.5GB.)
The "Consumerisation of IT" has left the door open to Insider Threats. While the common belief is that the insider threat is usually a corporate spy or a revenge-seeking employee, the reality is more mundane. As it turns out, it is the average Joe that represents the most probable threat. Employees enjoy legitimate access to sensitive corporate data while on the job. They use their access privileges to rightfully create copies of the information as they process it for their daily tasks. Upon leaving the organization, many individuals do not care to remove copies of sensitive information, and in some cases even develop a sense of personal ownership towards it.
As we can see, the "Consumerisation of IT" has left businesses with diminished control over access to the internal perimeter and over user behavior at the end point (e.g. password policy, storage encryption and use of AV software cannot be enforced on employee-owned devices). As a consequence, organizations must put more focus on protecting data sources against abusive activity by authorized users and devices. What should organisations do to prevent this data getting out of control?
• Enforce strict access controls over critical data. This access control should be based on a business need-to-know level. This cannot be achieved by a single project but rather requires a process of constantly evaluating user access privileges.
• Monitor access to sensitive corporate data and maintain a detailed audit trail.
• Detect abusive access patterns to sensitive corporate data.
About the author: Amichai Shulman is co-founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva’s research organisation focused on security and compliance. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. For more information, visit –




