Beyond Cyber-Hacking: The Growing Threats of Internal Theft and Data Mishandling
Designers and manufacturers of high tech products and services, particularly in aerospace and defense, have always spent huge amounts of money to protect intellectual property (IP) from loss and leak. The bulk of security efforts typically focuses on the growing threat of external intrusion from outside the company, particularly from overseas cyber-hackers. This focus is not surprising given the media attention on high profile cyber-hacking incidents, especially the details divulged by the Snowden documents. NSA documents reveal a huge amount of data related to defense technologies being stolen: the equivalent of five Libraries of Congress (50 terabytes). more “Protecting Intellectual Property for Product Lifecycle Management (PLM): The Right Way to Do Rights Management”
By E.K. Koh, VP of Solutions at NextLabs
It’s not your perimeter. It’s not your applications. In an age where there is no perimeter, where data moves from application to application, from servers to desktops to tablets and smart phones that the company does not even own, managing security at the perimeter or application is essential, but not sufficient. What is your value at risk? It is your DATA.
Data is Valuable
In a survey by Forrester, companies noted that corporate secrets (or intellectual property) comprise 2/3 of their information portfolio, with 1/3 being customer custodial data. The figure below shows the relative value of different types of data rated on a million dollar scale: more “4 Ways IT must Change to Protect your Business”
by Sudhindra Kumar, Principal Software Engineer at NextLabs
Kentucky recently joined 46 other states in the U.S. that enacted a data breach notification law. California is the vanguard – enacting the first such law in 2002. And now, the high profile data breaches of retailers Target and Neiman Marcus are serving as stimulants for revisions to and improvements of the breach notification laws. more “Data Security in the Cloud – beyond Encryption”
By E.K. Koh
In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance to separate system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us , Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data. more “Can we turn off Snowden’s access after the fact?”
By Sandeep Chopra.
“Attributes” is the new Role?
In the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP in Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations. more “Attributes is the new role?”
By EK Koh.
Many companies need to protect sensitive intellectual property (IP) as they collaborate globally on product designs and across multi-level supply chains. They also need to comply with cross-border export regulations even as they collaborate and share technical data with global customers, partners and employees. more “Industry Spotlight: How does GE Oil & Gas manage operational Information Risk?”