Protecting from the Malicious Insider: Multi-Party Authorization

Network infrastructure, data storage centers or control systems are constantly at risk from the actions of incompetent, or worse, malicious, employees. A highly effective new way to protect networks, sensitive data or control systems from malicious insiders is by the use of Multi-Party Authorization.

Multi-Party Authorization requires that a second authorized user approve an action before it is allowed to take place. MPA ensures that a second set of eyes reviews critical or sensitive activity and requires that second authenticated entity’s approval before any action takes place. This proactively protects data or systems from an undesirable act.

Today’s protection solutions are generally re-active or limiting in nature. The most common methods employed to protect networks, data centers or control systems from a malicious insider, if any protection is in place at all, are auditing for accountability, separation of duties, and job rotation. Auditing provides log records of who did what for later analysis. These reactive measures are intended to deter the potential malicious insider and to provide a mechanism to address inappropriate or incompetent action after the fact.

Our medical records will soon move from paper-based files to electronic health records. Many people are worried that their sensitive and private medical history will become less secure when that happens. Multi-Party Authorization can be added to electronic health record systems to protect the private patient data from unwanted release or use. The patient could be enabled using Multi-Party Authorization to be the second party approver of any and all access to their medical records. That would keep sensitive medical data more secure and less likely to be incorrectly accessed or shared. Or another trusted entity could be the second party authorizer to control access to private medical data. Adding MPA to systems that contain and share medical records protects that data from inappropriate access. That security builds confidence in electronic health records. Patients can ask if their electronic health record is MPA secured, and request it, if not.

Multi-Party Authorization technology can secure the most vulnerable and sensitive activities in network management from attack by a compromised insider acting alone. It is somewhat analogous to weapons systems that require two individuals to turn two different keys in order to enable the system. One person cannot do it alone.

Multi-Party Authorization enables secure proactive protection from undesirable acts by the inexperienced technician or malicious insider.