The biggest threats to network security come from inside the company by employees who are using everyday technologies to complete work duties.
Last week, Awareness Technologies Inc. (ATI) released its top addressable data breaches-stolen laptops, USB memory sticks and Web-based e-mail accounts. According to Chief Strategy Officer Ron Penna:
While corporate laptops and computers and the growing use of USB flash memory sticks remain the top reported data breach methods, it's employee use of webmail services such as Gmail, Hotmail and Yahoo! Mail that is emerging as the biggest underreported way in which confidential information gets into outside hands.
I suspect that these will be issues that will continue to be discussed as we move into 2011, particularly USB drives and other methods of portable memory, thanks to WikiLeaks and its aftermath. Penna suggests that it is possible to address these data breach problems with good security policy and data loss prevention solutions. He's right, of course, but I'd add into that mix the need to take advantage of the technologies available, such as stronger encryption tools and website blocking.
Based on the recent reports from different security vendors that raise concerns about insider threats, I think it will be interesting to see how 2011 plays out within the enterprise. Will companies become stricter about security and pose greater limits on employee Internet access while in the office, as well as on how they can access corporate data off-site?