Protecting Web-enabled Sensitive Data from Insider Threats

The 2005 Global Security Survey, released by Deloitte Touche Tohmatsu in June, identified internal attacks as a greater threat than external attacks to the information technology systems of the world’s largest financial institutions. Intellitactics and Coverlight Systems have joined together to provide an integrated product empowering organizations to identify attempts by authenticated users to access sensitive data in web-enabled applications that would otherwise go undetected.

“Corporate financials, customer data, and other trade secrets centralized in data centers are now accessible to a large number of users via web-based applications. Unfortunately the convenience of access comes abuse and misuse,” explains Scott Crawford, senior analyst with Enterprise Management Associates. “To make matters worse, the application environment is in a constant state of change, users are transient, access rights are rarely revoked, and user credentials are subject to phishing and identity theft. What’s at risk is the integrity and security of financial data, the privacy of entrusted customer and employee information, the confidentiality of sensitive business information, as well as the company’s reputation, brand, and shareholder value. The techniques of attackers and thieves are always evolving and nothing short of full-time vigilance will do.”

The alliance, announced last week, combines Intellitactics Security Manager software and Coverlight Percept Privacy Protection and Fraud Management technology to provide a holistic approach to security management. This powerful integration allows organizations to detect theft, fraud and abuse of web-enabled assets and accelerate the threat-management timeline. Compressing the “time to notification, time to investigation and time to remediation timeline” helps companies protect critical assets, avoid expensive and embarrassing security incidents and limit risk without sacrificing business effectiveness.

“As is evident from the recent series of news events, an information privacy breach against an enterprise can be devastating to the corporation’s brand, image, shareholder value as well as the individuals who are directly affected. Annual losses from security failures cost billions of dollars every year. Companies are under a lot of pressure to limit risk without sacrificing business effectiveness. This means they have to keep the bad guys out while they prevent losses coming from trusted insiders with unauthorized access to confidential information,” explains Randall K. Davis, president and CEO of Intellitactics. “Today, our customers rely on Security Manager for operational and informational control of complex security infrastructures. By integrating Coverlight Precept with Security Manager, we provide our mutual customers with a single database of audit log information that contains both Identity and Access Management information and Security infrastructure information.”

From an operational perspective, the offering empowers operations to passively monitor authenticated-user activity in real-time, receive security alerts in real-time, quickly investigate suspicious activity, and take immediate action to defend against and mitigate attacks. IT also allows them to maintain sensitive personal information to meet increasing privacy and auditing requirements imposed by compliance regulations including Gramm-Leach-Bliley, HIPAA, and California SB 1386 as well as privacy laws currently proposed in 20 states and both houses of the U.S. Congress.

“Today’s business conflict is quick and easy data access versus security and privacy,” explains Spencer Snedecor, CEO for Covelight. “The relative simplicity and economic benefits of web-enabled applications has introduced a new set of vulnerabilities that can be exploited by authenticated user access to confidential information and identity data. Criminals who use stolen IDs and passwords or set up fraudulent accounts to access sensitive data, and customers, employees, contractors, partners and other trusted insiders who succumb to temptation are proving to be more dangerous to enterprise security. According to Gartner, 70% of all security incidents come from insiders, and Ernst & Young reports that an insider attack against a large company causes an average of $2.7-million in damages, where the average outside attack costs $57,000.”

You may like these other stories...

Boehner addresses GOP priorities ahead of midterm electionsHouse Speaker John Boehner (R-OH) on Thursday delivered what amounted to closing arguments ahead of the November elections, laying out a list of Republican...
Financial advisors love accountants. They call, send mail, and want to buy you lunch. Their object is to cultivate you as a referral source. And you wouldn't mind a few referrals either. Also, this could be a chance to...
Former DOJ Tax Division head Kathryn Keneally joining DLA Piper in New YorkGlobal law firm DLA Piper announced on Thursday that Kathryn Keneally, the former head of the US Justice Department Tax Division, is joining the firm...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 21
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.