How Safe Is Your Data? Survey Shows UK Companies Do Not Control Employee Access to Sensitive Information

An independent survey published by UK company Secerno suggests that databases are open to attack from growing insider threats. Key findings from the survey were:
Over 60 per cent of UK employees have access to computer records at their place of work
41% have access to records that are not necessary for their job
One in ten has been tempted to abuse this access.
56% of employees have no restrictions placed on the information they have privileges to access.

Databases lie at the heart of most companies, and contain many of the most valuable assets of these organisations, and indeed of their customers. These assets range from research data, development plans and price lists through to Social Security numbers, credit card information, health records and buying habits.

Until now, there has been no way of stopping internal employees who have the necessary permissions to access a database from abusing those rights. In addition the incidents of database attacks originating outside the company are growing rapidly. A few high profile examples are hitting the headlines but this is just the tip of the iceberg. The trend now is towards targeted database attacks, using skilled hackers to obtain specific data from a specific company, by getting access through conventional firewalls, or by corrupting web applications, often with insider assistance . There has been no effective way of addressing these vulnerabilities.

Secerno has developed a unique new appliance that understands the patterns of normal access to each individual corporate database. The model of normal access is like the DNA of the database, and is learned over a period of time by the appliance, and will adapt to changing usage patterns. As such, IT Departments do not have to build complex policies; the system does it for them. The appliance can be installed in a matter of minutes and will then learn normal database usage, going on to protect the system without complicated user intervention.

The Secerno.SQL appliance also helps companies meet compliance requirements. Companies need to be proactive in recording who is accessing what data, and when. They need to create efficient logging environments demonstrating audit compliance.

Secerno's breakthrough in an advanced branch of Machine Learning allows their product to learn how each specific database is being used, and then adapt to changing usage patterns. This technology is not constrained by the signature-based approach which prevents traditional tools from dealing with carefully crafted database attacks. Similarly, encryption and authentication methods will do little to stop misuse by authorised users.

write your comments about the article :: 2006 Computing News :: home page