Information sprawl caused by distributed, networked computing is one of the biggest causes of data breaches, says a US-based security analyst.
Information will always be at risk as long as it is allowed to exist in several places in an organisation, said Dan Blum, principal analyst at Burton Group.
Organisations need to centralise information storage to increase control and eliminate duplication, he said.
"There has to be an architectural shift to enable information to be managed according to company policies," said Blum.
Increased bandwidth capacity, he said, has made it possible for most organisations to have a single data store that can be accessed by any authorised user.
"This will address another of the biggest causes of data breaches, which is a lack of proper access control," he said.
According to Blum, organisations without proper internal controls expose themselves to risk of data theft and fraud by employees.
"A lack of proper access controls is known to have caused severe damage to companies like Indian outsourcer Satyam and French bank Societe Generale," he said.
As the Societe Generale case shows, it is important for organisations to have checks and balances in place to guarantee a proper separation of duties.
Rogue trader Jerome Kerviel should never have been allowed to assume that role in the bank, said Blum, because of his knowledge of the company's IT security systems.
Communication between business and IT needs to improve in many organisations to ensure the checks put in by IT meet the needs and concerns of the business, he said.
Blum will be part of a panel discussing high-profile data breaches at Infosecurity Europe 2009 at Earls Court in London on 28 April.