Five Security Budget Tips for 2011
Five tips that IT organizations should use to remind the business side why it needs to invest in security.
People have always been concerned about potential insider threats to sensitive data and intellectual property. But their willingness to do something about mitigating those security threats has never been really strong enough to be really proactive about access management, even in the face of pressure from any number of compliance requirements.
But as the economy starts to recover, a more insidious issue is now at work within the four walls of the enterprise: A lot of employees are fundamentally angry. This is because many of them have felt abused over the last three years and as the economy recovers, they're not seeing any real improvement in their own situations. Profits are up at a lot of companies, but new hires are still scarce. That basically means that companies are getting a lot more productivity per employee. That's not a bad thing per se, but it is creating a climate where some insider might take it into their head to "punish" their employer in much the same way governments around the world are now being punished by any number of WikiLeaks postings stemming from a lack of access management.
For those reasons, companies might want to take a second look at their current access management policies, says Gijo Mathew, vice president of security product marketing for CA Technologies. Much of the security focus these days is on external threats, but most security experts will tell you that it's the insider that consistently does the most damage. And right now, a lot of people with access to all kinds of information are bearing some serious grudges.
In particular, Mathew notes that it has become a lot easier to apply more granular controls to data across the enterprise. So that means that there are now various degrees of "privileged user" access that can be granted to employees based on their role in the organization. In addition, it's also a lot easier to give people temporary access to files and systems in a way where that access is automatically revoked after a set period of time.
None of this means that employers should view every employee with suspicion. But an ounce of prevention can go quite a long way in a world where, as the saying goes, we should learn to "expect the unexpected."