The Dangers of a 'Trust and Forget' Approach to Data Security
Walking the line between granting information access and conducting effective employee monitoring requires the ability to continuously track user activity.
"Set it and forget it" is a marketing catchphrase that software vendors use to assure IT administrators that neither they nor their users will have to constantly manage notifications and install updates. It was especially popular in the mid-2000s after Microsoft launched the Vista operating system, which was infamous for overwhelming users with a steady stream of security alerts.
The trouble is that this mindset too often mutates into a "trust and forget it" approach to granting employees access to sensitive information. That leaves the figurative door wide open for employees and external attackers to exploit excessive access rights, which in turn leads to inadvertent loss of sensitive data and external data breaches.
The role of IT has evolved from the department that once made it difficult to access sensitive files to one that facilitates information sharing and improves collaboration among users. That sometimes means granting access to information or network resources to meet an urgent business need or to comply with an executive request. There is nothing wrong with that; IT is a key player in driving the business forward. However, if those permissions remain open indefinitely or go unmonitored, the risk of significant data exposure or a breach skyrockets.
Consider the case of Galen Marsh, a former wealth management adviser at Morgan Stanley. In 2015, he pleaded guilty to illegally accessing account holders' names, addresses, and other personal information from the systems the firm used to manage confidential data. For nearly four years, he went undetected while conducting almost 6,000 unauthorized searches of confidential client information, which he then uploaded to a server at his home.
The case illustrates why IT needs complete visibility into all sensitive information: where it is and how it is being accessed, shared, and moved. However, that does not mean reverting to outdated policies that restrict information access and place obstacles in front of users who are just trying to get their work done.
The answer is to replace a "Trust and Forget" policy with a "Trust and Monitor" approach.
Walking the line between granting information access and conducting effective employee monitoring requires visibility: the ability to continuously track all activity and provide full context on where your sensitive information assets are and how and when they are created, accessed, moved, and shared. This is critical to your security professionals' ability to keep an eye on critical data and make sure it is handled safely and securely, so you don't end up as the headline in yet another disastrous data breach.
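A minimal form of the "trust and monitor" checks described above, as an added Python example that is not from the original article: it parses a constructed access audit log, reports grants that have gone unused (candidates for revocation, so permissions do not stay open indefinitely), and flags users who touch many client records outside their assigned set. The log format, the grant list, and the "assigned records" mapping are all constructed for illustration and do not correspond to any real product.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed audit log (hypothetical format, not any product's): one access event per line.
AUDIT_LOG = """\
2015-03-01T09:12:00 user=alice resource=client_db record=C1001
2015-03-01T09:15:00 user=alice resource=client_db record=C1002
2015-03-02T22:40:00 user=bob resource=client_db record=C2001
2015-03-02T22:41:00 user=bob resource=client_db record=C2002
2015-03-02T22:42:00 user=bob resource=client_db record=C2003
2015-03-02T22:43:00 user=bob resource=client_db record=C2004
"""
# Constructed grants: (user, resource, date granted). carol holds access she has never used.
GRANTS = [("alice", "client_db", "2015-01-05"), ("bob", "client_db", "2014-11-20"),
          ("carol", "client_db", "2014-10-01")]
# Constructed "book of business": the client records each adviser is expected to touch.
ASSIGNED = {"alice": {"C1001", "C1002"}, "bob": {"C2001"}, "carol": set()}

def parse_log(text):
    """Parse lines of '<iso timestamp> key=value ...' into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def stale_grants(grants, events, as_of, max_idle_days=90):
    """Grants with no use within max_idle_days of as_of (YYYY-MM-DD): revocation candidates."""
    last_use = {}
    for ev in events:
        key = (ev["user"], ev["resource"])
        last_use[key] = max(last_use.get(key, ev["ts"]), ev["ts"])
    cutoff = datetime.fromisoformat(as_of) - timedelta(days=max_idle_days)
    stale = []
    for user, resource, granted in grants:
        # A grant that was never used ages from the day it was issued.
        last = last_use.get((user, resource), datetime.fromisoformat(granted))
        if last < cutoff:
            stale.append((user, resource))
    return stale

def out_of_scope_access(events, assigned, threshold=2):
    """Users who touched more than `threshold` distinct records outside their assigned set."""
    seen = defaultdict(set)
    for ev in events:
        if ev["record"] not in assigned.get(ev["user"], set()):
            seen[ev["user"]].add(ev["record"])
    return {u: sorted(r) for u, r in seen.items() if len(r) > threshold}
```

Both reports are meant to be run on a schedule against the live audit trail, so that an unused grant or an adviser reaching across other advisers' clients surfaces within days rather than years.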
If you have questions about how to achieve full visibility, I refer you to our earlier post, "What Exactly is 'Visibility'? A Security Perspective."
Published at DZone with permission of Gajraj Singh, DZone MVB.