When You Know Too Much: Protecting Security Data from Security People
As security tools gather growing amounts of intelligence, experts explain how companies can protect this data from rogue insiders and other threats.

Separation of Duties & Access
Having looked at some ways organizations could put data at risk, it bears mentioning there are steps they can take to protect it.
Tim Junio is CEO at Expanse, an organization that collects a great deal of data. To enable customers to identify unknown assets and potentially malicious traffic, Expanse "maintains a historical record of all assets connected to the Internet, who owns them, and communications between them."
To protect that data, Junio says, engineering and data science employees with access to back-end systems are required to sign an agreement, separate from their employee contracts, which states they won't use the data outside certain applications.
"The number of people in the company who could get access to the data is a relatively small number," he says. Systems are also segmented so that people who don't need certain data have no access to it. For example, employees in the marketing department can't reach back-end systems. In addition, logging mechanisms are in place to prove whether anything bad has happened, surface conditions that shouldn't have arisen, and reconstruct historical activity.
Last is audit, says Junio, to ensure systems are behaving as expected. The security manager performs his own compliance and audit checks, and third-party pentesting and security reviews are also in place.
Herold advises maintaining separation of duties to ensure people who have access to sensitive data are different from the people approving that access. "You don't want people to approve their own access to mission-critical data or large repositories of personal data," she adds.
Onboarding and offboarding controls are also essential to ensuring sensitive data stays where it belongs. Herold has worked with "probably well over 100" organizations that have had employees in IT and throughout the organization take data from the company when they quit or were fired. "That's a huge vulnerability that needs to be addressed," she notes.
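The controls described in this section (segmentation so marketing has no path to back-end data, a separate data-use agreement for back-end access, approvers who are not themselves data holders, an audit trail, and revocation at offboarding) can be enforced in a single access-grant workflow. The following is an added illustration written for this page, not code from Expanse or any of the people quoted; the role-to-system map, the employee names, and the `AccessRegistry` class are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role-to-system map: marketing has no entry for the back end,
# mirroring the segmentation described in the article.
SYSTEM_ROLES = {
    "backend-data": {"engineering", "data-science"},
    "crm": {"marketing", "sales"},
}
# Systems whose data is covered by the separate data-use agreement.
AGREEMENT_REQUIRED = {"backend-data"}


@dataclass
class Employee:
    name: str
    role: str
    signed_data_agreement: bool = False
    active: bool = True


@dataclass
class AccessRegistry:
    grants: dict = field(default_factory=dict)   # system -> set of employee names
    audit: list = field(default_factory=list)    # append-only decision log

    def _log(self, action: str, who: str, detail: str) -> None:
        # Every grant, denial and revocation is recorded so activity can be
        # reconstructed later, as the article's logging requirement asks.
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "action": action, "who": who, "detail": detail,
        })

    def has_access(self, emp: Employee, system: str) -> bool:
        return emp.active and emp.name in self.grants.get(system, set())

    def request_access(self, requester: Employee, approver: Employee, system: str) -> str:
        """Approve or deny a grant; returns 'granted' or 'denied: <reason>'."""
        checks = [
            (system in SYSTEM_ROLES, "unknown system"),
            (requester.active and approver.active, "inactive account involved"),
            # Separation of duties: nobody approves their own access ...
            (requester.name != approver.name, "self-approval"),
            # ... and the approver must not be one of the people holding the data.
            (not self.has_access(approver, system), "approver already holds access"),
            # Segmentation: the requester's role must be permitted on this system.
            (requester.role in SYSTEM_ROLES.get(system, set()), "role not permitted for system"),
            # Back-end data requires the separate data-use agreement.
            (system not in AGREEMENT_REQUIRED or requester.signed_data_agreement,
             "data-use agreement not signed"),
        ]
        for ok, reason in checks:
            if not ok:
                self._log("deny", requester.name, f"{system}: {reason} (approver={approver.name})")
                return f"denied: {reason}"
        self.grants.setdefault(system, set()).add(requester.name)
        self._log("grant", requester.name, f"{system} approved by {approver.name}")
        return "granted"

    def offboard(self, emp: Employee) -> list:
        """Disable the account and revoke every grant; returns the systems revoked."""
        emp.active = False
        revoked = []
        for system, names in self.grants.items():
            if emp.name in names:
                names.discard(emp.name)
                revoked.append(system)
                self._log("revoke", emp.name, f"{system} revoked at offboarding")
        self._log("disable", emp.name, "account disabled")
        return sorted(revoked)


if __name__ == "__main__":
    reg = AccessRegistry()
    alice = Employee("alice", "engineering", signed_data_agreement=True)
    bob = Employee("bob", "marketing")
    mgr = Employee("sec-mgr", "security")
    print(reg.request_access(alice, alice, "backend-data"))   # denied: self-approval
    print(reg.request_access(bob, mgr, "backend-data"))       # denied: role not permitted
    print(reg.request_access(alice, mgr, "backend-data"))     # granted
    print(reg.offboard(alice))                                # ['backend-data']
    for event in reg.audit:
        print(event["action"], event["who"], event["detail"])
```

The approver check is deliberately two-sided: a request is refused both when someone approves their own access and when the would-be approver already holds access to the same system, which is the "different people" split Herold describes. Offboarding revokes every grant before disabling the account, so the audit log shows exactly which systems the departing employee could still reach.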
For physical security, she suggests the addition of a "clean room," which is a space in the organization that employees use without their computers or smartphones. They enter the room, access the systems and data they need, do their work, and leave. "The only way they could take data outside of that clean room is with their human memories," she notes, adding it's an effective way to prevent employees from taking information outside the business.
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...