Databases, Data Leaks, and Sieves
At some level networks are like systems of pipes with information flowing from sources to sinks but that's a lousy analogy. I hope our water infrastructure doesn't leak like our information networks can. Take the case of a former employee of a mortgage lender who stole customer data using a USB flash drive.
ComputerWorld reports a former senior financial analyst at CountryWide (since acquired by Bank of America) used his access to the customer database to siphon of information for sale to third parties.
Employees need access to data, especially senior analysts. When it comes to database access though we can control how much information users see. Analysts working at aggregate levels looking for market segments, trends by customer types, etc. don't need the fine grained detail that an loan application closer would. Of course the closer wouldn't need access to the breadth of applications an analysts has. Users can have deep, detailed access to a limited set of data or broad, shallow access to a wide range of data but not both. If someone does need broad and deep access, their transactions should be logged and monitored.
Another way to mitigate data loss risks to lock down the use of USB flash drives, iPods, etc. Data loss prevention tools using content filtering technology are also intended to stem data leaks.
Networks can sometimes look more like sieves than pipes. See "End User Security: The Weakest Link" and "5 Steps to Getting Started with Data Loss Prevention" articles in the Messaging and Web Security Digital Library for more on this topic.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
