Information sprawl caused by distributed, networked computing is
one of the biggest causes of data breaches, says a US-based
security analyst.
Information will always be at risk as long as it is allowed to
exist in several places in an organisation, said Dan Blum,
principal analyst at Burton Group.
Organisations need to centralise information storage to increase
control and eliminate duplication, he said.
"There has to be an architectural shift to enable information to
be managed according to company policies," said Blum.
Increased bandwidth capacity, he said, has made it possible for
most organisations to have a single data store that can be accessed
by any authorised user.
"This will address another of the biggest causes of data
breaches, which is a lack of proper access control," he said.
According to Blum, organisations without proper internal
controls expose themselves to risk of data theft and fraud by
employees.
"A lack of proper access controls is known to have caused severe
damage to companies like Indian outsourcer Satyam and French bank
Societe Generale," he said.
As the Societe Generale case shows, it is important for
organisations to have checks and balances in place to guarantee a
proper separation of duties.
Rogue trader Jerome Kerviel should never have been allowed to
assume that role in the bank, said Blum, because of his knowledge
of the company's IT security systems.
Communication between business and IT needs to improve in many
organisations to ensure the checks put in by IT meet the needs and
concerns of the business, he said.
Blum will be part of a panel discussing high-profile data
breaches at Infosecurity Europe 2009 at Earls Court in London on
28 April.