Blog

Data Insecurity Comes From Within

Joe McKendrick
Insurance Experts' Forum, October 13, 2009

Forget the hacker from Belarus. He can wreak havoc with your system if he gets in, but most companies are on their guard against such maliciousness. But few companies appear to be ready to handle inside breaches.

What about that database services vendor to whom you have been shipping all your information? Or what about those database administrators you trust with your vital assets? Or those development teams that are using live data in their test beds? Or the staff at your disaster recovery site on the other side of the state? What guarantees do you have that they are handling sensitive data in a prudent manner? Are you monitoring what they are doing with your data?

If you check out the latest publicly available information on major data breaches at PrivacyRights.org, you will see an interesting pattern to these series of unfortunate events: many involved employees of third-party vendors who had their laptops stolen from their cars or offices. Of course, the laptops had the names and Social Security numbers of customers.

I just wrapped up a Webcast, conducted with Oracle and the Independent Oracle Users Group (IOUG), that looked at the challenges of data security in an age of economic uncertainty. Roxana Bradescu, senior director of database security product marketing at Oracle, and session moderator Ian Abramson, IOUG president joined me. (Free registration required to view.)

As Roxana explained it, there are three modes of data security: prevention, detection and recovery. In my presentation, we covered the results of a survey of 316 IOUG members, conducted by Unisphere Research for IOUG and Oracle that looked at the state of prevention and detection within the industry.

Essentially, there was a marked reduction in data security initiatives since the last survey was conducted last year at this time. This is attributable to tight IT budgets and spending as a result of the turbulent economy, and this has repercussions across organizations' efforts to lock down their data assets.

The survey uncovered the following issues:

•    Data security spending slowed dramatically over the past year

•    More data is being sent to off-site third parties

•    Less data is being encrypted

•    Fewer databases are being monitored for breaches or unusual activity

•    More backed-up data is going offsite unencrypted

•    Organizations are not paying enough attention to what privileged users are doing when they working within databases

Organizations need to encrypt or mask sensitive data that leaves production environments, and it doesn't matter if it's going down the hall or across the world to an offshore site. Plus, as the maxim goes, they need to “trust, but verify” the activities of their most trusted users. Prevention of data breaches at these levels is worth a pound of cure.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology. He can be reached at joe@mckendrickresearch.com.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Software-Defined Health Insurer: Radical But Realistic?

Can a tech startup digitally assemble the pieces of a comprehensive, employer-provided health plan?

Data Governance in Insurance Carriers

As the insurance industry moves into a more data-centric world, data governance becomes more critical for ensuring the data is consistent, reliable and usable for analysis.

Fear This

Just days before this Issue, which contains our security cover story, went to press, we got some interesting news: 1.2 billion unique usernames and passwords and 542 million email addresses were reportedly stolen from 420,000 websites, according to The New York Times. The websites ranged from Fortune 500 companies down to small online retailers.

Should You Back Up Enterprise Data to the Cloud?

Six questions that need to be asked before signing on with an outside service.

Modernizing Information Management

While better reporting and actuarial analysis help to support financial decisions, improved analytics and decision making greatly assist the rest of the organization.

Strategic Planning: Here and Now

Insurers’ annual strategic planning efforts can benefit from an infusion of tactical reality.

Advertisement

Advertisement