Security is a preoccupation of enterprise IT, but often the focus is on hacking and external malfeasance. Too often, the biggest threats to data security come from within the organization.
So it's no surprise that insider access and identity control is part of a sweeping announcement by IBM today of 10 new security products targeting big-data, mobility, and cloud computing.
The following are among the offerings being unveiled:
Automated data security controls and data masking to guard big-data as it moves through enterprise systems;
Authentication control for mobile users, plus tools to integrate access management into mobile applications;
Enhanced identity and access management for cloud networks;
Security administration, policy enforcement, real-time alerting, and audit reporting for mainframe hosts.
Many of these features and products directly address the issue of how employees can access unstructured data, mobile applications, and cloud services -- all the resources on which enterprises increasingly rely -- in a protected way.
IBM showcases two examples of firms targeting enterprise access control in the cloud. The first is the Flemish Government, which has added IBM identity and access management software to assign multiple roles, such as "public servant" or "notary," to one person's digital identity. The government's cloud offers services for 6 million citizens via more than 100 Websites.
In another instance, Molson Coors Brewing Company in the US has added several layers of audit-related data to its access management system via IBM. Employees have one identity for accessing the corporate cloud, but that identity can also be associated with a variety of reports for corporate use.
The goal is not just keeping corporate data safe; it's also vital to prove to regulatory bodies like the US Securities and Exchange Commission that, in the event of a breach, all necessary measures were taken to protect data.
That's important when you consider the legal exposure and brand damage caused by insider threats. In September 2012, for example, non-profit consumer advocacy group Privacy Rights Clearinghouse posted five major data breaches in its database, encompassing more than 68,000 compromised data records (including personal Social Security numbers, names, addresses, etc.). Here are some of the chilling details:
September 7: The University of Miami Hospital discovered that two dishonest employees had accessed and possibly sold patient information, including names, dates of birth, and reasons for hospital visits, between October 2010 and July 2012. Estimated records affected: 64,846.
September 11: A former financial planner in Indianapolis was convicted for stealing information from about 3,000 of his clients, using it to open new accounts, get cash advances, make purchases, and more. He will serve two years in prison and pay $48,488.66 in restitution.
September 16: A dishonest employee of Quest Diagnostics in Madison, N.J., was found to have pilfered patient email containing personal information on an unknown number of patients.
Quest Diagnostics was among the firms suffering insider data breaches in September 2012. (Photo: Euthman)
These examples illustrate that insiders are a growing threat in today's enterprises, and it's important to address them in the context of emerging technologies like cloud services. In a recent blog, Bill Claycomb and Alex Nicoll of CERT Insider Threat Center stated:
We caution against simply casting previous solutions to other problems in light of a cloud environment... Rather, we suggest an approach grounded on solid information assurance principles and focused on finding new solutions that address real threats to cloud computing.
Today's announcement from IBM demonstrates a significant effort to implement just this kind of approach against the enemy within.
Indeed, there are a lot of great folk in the healthcare sector. A few bad apples turn up in any industry group. That said, I did find it interesting that hands-on theft was such a factor in so many data breaches -- we usually think of data exposure as something that happens strictly online. That's not the case.
Great info. This makes a strong case for improving the health system! I've often said that knowing the overall health system is the best preventative health tool - it keeps you healthy to avoid being hospitalized.
The reality you present, Mary, really is compelling evidence that we must have more transparency and accountability in the health system; that will also better support the good people in the system - and there are many! This confirms there is a lot of work for IBM in healthcare alone.
Well, according to Privacy Rights Clearinghouse, there are a ton of data exposures that are inadvertent, but nearly just as many that come from employee dishonesty by healthcare workers. Not good news.
True, Mary. It's not intended maliciously; it is primarily a culture that has been accustomed to being in control of the patient and information. The legislation to secure patient information is in place, the culture is not.
This is a brilliant package and design by IBM to solve corporate problems, Mary.
You are absolutely correct on the nurses and healthcare. Having worked with the healthcare industry, and also teaching as an adjunct professor in a health sciences program, they have been well oriented to patient confidentiality and HIPAA laws. Here in Calif., where we have the celebrity syndrome, Kaiser fired two nurses several years ago that only viewed the medical record, without authorization, of the celebrity Mom that had the quintuplets.
This IBM design is perfect for industries like healthcare that are going to have to build strong security systems, because the culture isn't there to meet the regulations.