Security is a preoccupation of enterprise IT, but often the focus is on hacking and external malfeasance. Too often, the biggest threats to data security come from within the organization.
So it's no surprise that insider access and identity control is part of a sweeping announcement by IBM today of 10 new security products targeting big-data, mobility, and cloud computing.
The following are among the offerings being unveiled:
Automated data security controls and data masking to guard big-data as it moves through enterprise systems;
Authentication control for mobile users, plus tools to integrate access management into mobile applications;
Enhanced identity and access management for cloud networks;
Security administration, policy enforcement, real-time alerting, and audit reporting for mainframe hosts.
Many of these features and products directly address the issue of how employees can access unstructured data, mobile applications, and cloud services -- all the resources on which enterprises increasingly rely -- in a protected way.
IBM showcases two examples of firms targeting enterprise access control in the cloud. The first is the Flemish Government, which has added IBM identity and access management software to assign multiple roles -- such as "public servant" or "notary" -- to one person's digital identity. The government's cloud offers services for 6 million citizens via more than 100 Websites.
In another instance, Molson Coors Brewing Company in the US has added several layers of audit-related data to its access management system via IBM. Employees have one identity for accessing the corporate cloud, but that identity can also be associated with a variety of reports for corporate use.
The goal is not just keeping corporate data safe; it's also vital to prove to regulatory bodies like the US Securities and Exchange Commission that, in the event of a breach, all necessary measures were taken to protect data.
That's important when you consider the legal exposure and brand damage caused by insider threats. In September 2012, for example, non-profit consumer advocacy group Privacy Rights Clearinghouse posted five major data breaches in its database, encompassing more than 68,000 compromised data records (including personal Social Security numbers, names, addresses, etc.). Here are some of the chilling details:
September 7: The University of Miami Hospital discovered that two dishonest employees had accessed and possibly sold patient information, including names, dates of birth, and reasons for hospital visits, between October 2010 and July 2012. Estimated records affected: 64,846.
September 11: A former financial planner in Indianapolis was convicted of stealing information from about 3,000 of his clients, using it to open new accounts, get cash advances, make purchases, and more. He will serve two years in prison and pay $48,488.66 in restitution.
September 16: A dishonest employee of Quest Diagnostics in Madison, N.J., was found to have pilfered patient email containing personal information on an unknown number of patients.
Quest Diagnostics was among the firms suffering insider data breaches in September 2012. (Photo: Euthman)
These examples illustrate that insiders are a growing threat in today's enterprises, and it's important to address them in the context of emerging technologies like cloud services. In a recent blog, Bill Claycomb and Alex Nicoll of CERT Insider Threat Center stated:
We caution against simply casting previous solutions to other problems in light of a cloud environment... Rather, we suggest an approach grounded on solid information assurance principles and focused on finding new solutions that address real threats to cloud computing.
Today's announcement from IBM demonstrates a significant effort to implement just this kind of approach against the enemy within.
Indeed, there are a lot of great folk in the healthcare sector. A few bad apples turn up in any industry group. That said, I did find it interesting that hands-on theft was such a factor in so many data breaches -- we usually think of data exposure as something that happens strictly online. That's not the case.
Great info. This makes a strong case for improving the health system! I've often said that knowing the overall health system is the best preventative health tool - it keeps you healthy to avoid being hospitalized.
The reality you present, Mary, really is compelling evidence that we must have more transparency and accountability in the health system; that will also better support the good people in the system - and there are many! This confirms there is a lot of work for IBM in healthcare alone.
A quick check on Privacy Rights Clearinghouse shows that since Sept. 21, there have been about 15 data breaches at US medical or health facilities. Of those, four were inadvertent.
Among the other 11, a large number involved physical theft (as opposed to online hacking) of laptops, thumb drives, and other devices containing patient data.
Well, according to Privacy Rights Clearinghouse, there are a ton of data exposures that are inadvertent, but nearly just as many that come from employee dishonesty by healthcare workers. Not good news.
True, Mary. It's not intended maliciously; it is primarily a culture that has been accustomed to being in control of the patient and information. The legislation to secure patient information is in place, the culture is not.
This is a brilliant package and design by IBM to solve corporate problems, Mary.
You are absolutely correct on the nurses and healthcare. Having worked with the healthcare industry, and also teaching as an adjunct professor in a health sciences program, they have been well oriented to patient confidentiality and HIPAA laws. Here in Calif., where we have the celebrity syndrome, Kaiser fired two nurses several years ago that only viewed the medical record, without authorization, of the celebrity Mom that had the quintuplets.
This IBM design is perfect for industries like healthcare that are going to have to build strong security systems, because the culture isn't there to meet the regulations.