|
|
|
08 Oct 2007
The clamour from the House of Lords and throughout the UK for data breach disclosure laws is just one piece of evidence that people have lost faith in companies to protect their private data. In view of this rising concern and the rising breaches, enterprises need to do everything they can to reduce the chances of being a victim of such breaches. The key to this? Implementing internal controls.
Companies have long protected their perimeters but the perimeter is now long gone and protection from within is now the essential security frontier. IT managers need to find a way to control from within the campus, by ironing out who can get onto their networks, and more importantly, what users can do once they’re already on the LAN. They also need to protect against malware being unleashed – either accidentally or intentionally – that can aid in breaching privacy.
IT managers who think that passwords, anti-virus software, firewalls, or other security techniques already in place are sufficient should speak to those who lost their jobs at Barclays, Nottingham Hospital, and TK Maxx.
In this day and age of contractors, outsourcing, joint development projects, and remote working, companies can be far less certain of who’s on their LAN. As a result, they need technologies that can help them segment the users, identify the users and their roles, and limit their LAN access based on that role.
In one recent case, a LAN assessment showed what a worker coming in on a Saturday was actually doing. The worker had requested permission for overtime work because he was too overloaded to complete a project. The request was approved, because the project was time critical, but it turned out that he spent many hours that Saturday copying his recent vacation pictures from his laptop to an internet-based photo-sharing web site, adding captions along the way.
The reality is that businesses have had very limited resources for learning about user activity on the LAN. Typically, a company can at best authenticate whether a user belongs on the LAN. But only recently has IT had the ability to track and control what users can do after they’re on the LAN. Businesses shouldn't despair that they don’t have these controls in place now – they just shouldn't delude themselves that they don’t need them.
Related articles
In this video find out about the fast-growing Chinese vendor's plans for market domination and how the channel is its route of choice
Find out what gifts Acer has in store for partners for 2012 in this exclusive roundup of its recent conference
CRN's premier networking event is back on 17 May at the Ricoh Arena
Date: Thu 17 May 2012
Channel fighters preparing to square up once more on 24 May
Date: Thu 24 May 2012
The proliferation of endpoint devices within the enterprise has highlighted the shortcomings of one of the traditional approaches to data security
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Dave discovers that rozzers are seemingly living in the technology dark ages
Mark Needham, founder of distributor Widget, argues that John Browett leaves for Apple with Dixons in better shape than when he arrived
|
|
|
Do you agree?
Have your say