Enterprising Developments

How to Avoid Your Own 'WikiLeaks'

Joe McKendrick
Insurance Experts' Forum, December 13, 2010

Recently, in my work with Unisphere Research, I had the opportunity to work on surveys of both Oracle and Microsoft SQL Server database managers and administrators on the issue of data security. 

For the record, it hardly mattered that these groups work with technology from two major platform providers that offer an abundance of security solutions. You can have the best technology in the world, but security gaps will still arise if your information is not managed and stewarded carefully. In fact, the surveys found that a culture of complacency hampers information security efforts and, as a result of lax practices and oversight, is leaving sensitive corporate data vulnerable to tampering and theft.

What happened in WikiLeaks? A U.S. Army private with security clearance had downloaded huge volumes of sensitive material. As a result, the military has cracked down on removable media.  Similar things have happened before. PrivacyRights.org reports that in another recent incident, an employee at the General Services Administration of the U.S. government sent an email with the names and Social Security numbers of the entire staff of 12,000 GSA employees to a private, outside address. 

If you look at the long, long list of data breaches at PrivacyRights.org, you will begin to notice a common and recurring theme among many data security breach incidents. Namely, a lot of employees and outside contractors had access to personally identifiable information – including Social Security and credit card numbers – and either maliciously walked away with it or carelessly left it in their cars, or on laptops, that eventually were stolen.

Employee awareness training and well-communicated policies may help stem some of these risks. Auditing and monitoring also help, but usually catch breaches only after they occur. Organizations can also be proactive and render the data useless to prying eyes by encrypting, masking, or de-identifying it. However, most companies in the two surveys, covering 761 SQL Server and 430 Oracle sites, do not protect data at this level. (View my Webcast on the PASS findings here.)

Remarkably, about a third of the data managers in the survey were not even aware of what information security strategies were in place within their enterprises, nor what kind of budgets were available.  This suggests a severe disconnect between management commitment and what needs to be done. 

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Joe can be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
