Infosec 2009: Data consolidation is key to security, says US analyst

Information sprawl caused by distributed, networked computing is one of the biggest causes of data breaches, says a US-based security analyst.

Information sprawl caused by distributed, networked computing is one of the biggest causes of data breaches, says a US-based security analyst.

Information will always be at risk as long as it is allowed to exist in several places in an organisation, said Dan Blum, principal analyst at Burton Group.

Organisations need to centralise information storage to increase control and eliminate duplication, he said.

"There has to be an architectural shift to enable information to be managed according to company policies," said Blum.

Increased bandwidth capacity, he said, has made it possible for most organisations to have a single data store that can be accessed by any authorised user.

"This will address another of the biggest causes of data breaches, which is a lack of proper access control," he said

According to Blum, organisations without proper internal controls expose themselves to risk of data theft and fraud by employees.

"A lack of proper access controls is known to have caused severe damage to companies like Indian outsourcer Satyam and French bank Societe Generale," he said.

As the Societe Generale case shows, it is important for organisations to have checks and balance in place to guarantee a proper separation of duties.

Rogue trader Jerome Kerviel should never have been allowed to assume that role in the bank, said Blum, because of his knowledge of the company's IT security systems.

Communication between business and IT needs to improve in many organisations to ensure the checks put in by IT meet the needs and concerns of the business, he said.

Blum will be part of a panel discussing high-profile data breaches at Infosecurity Europe 2009 at Earls Court in London on 28 April.

Infosec 2009: an essential guide for IT professionals >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close