Nine Ways to Stop Industrial Espionage
by Calum Macleod - European Director of Cyber-Ark - Wednesday, 2 August 2006.
Ensure that Data at Rest is protected

The cornerstone of protecting stored data at rest is encryption. Encryption ensures that the data is not readable and thus maintains its confidentiality. But encryption that is burdensome to manage is ineffective. With transparent key management there is absolutely no need for users or administrators to manage encryption keys, or even to be aware of them, and the use of strong cryptography, such as 256-bit AES for both storage and session encryption and signing, guarantees the protection of the data.

Protection from data deletion, data loss

The protection of data by encryption is simply one part of the problem. Files may be accidentally or intentionally deleted or changed. Always keep older versions, ensuring an easy way to revert to the correct file content or recover from data deletion.

Protection from data tampering

Data inside protected storage must be tamper proof by integrating authentication and access control that ensures that only authorized users can change the data. In addition, to ensure that data manipulation that somehow bypasses the access control doesn't go unnoticed, digital signatures must be employed to detect unauthorized changes in the files.
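The last two points (keeping older versions, and detecting changes that bypass access control) can be combined, as in this added example, which is not from the original article or any product. It uses an HMAC-SHA256 tag as a standard-library stand-in for the digital signature the text calls for; the `VersionedStore` class, file name and key are hypothetical.

```python
import hashlib
import hmac

# Assumption: the key is held outside the protected storage (HSM, key service).
# It is a constructed value here only so the example runs offline.
SIGNING_KEY = b"constructed-demo-key"


def tag(name: str, version: int, content: bytes) -> str:
    """Bind content to its file name and version number, so a valid older
    version cannot be swapped in under a newer version number unnoticed."""
    n = name.encode()
    msg = len(n).to_bytes(4, "big") + n + version.to_bytes(8, "big") + content
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


class VersionedStore:
    """Hypothetical in-memory store keeping every version with its tag."""

    def __init__(self):
        self.files = {}  # name -> list of (content, tag); list index = version

    def write(self, name: str, content: bytes) -> int:
        versions = self.files.setdefault(name, [])
        versions.append((content, tag(name, len(versions), content)))
        return len(versions) - 1

    def verify(self, name: str, version: int) -> bool:
        content, stored = self.files[name][version]
        return hmac.compare_digest(stored, tag(name, version, content))

    def latest_good(self, name: str):
        """Newest (version, content) whose tag verifies, or None."""
        for version in reversed(range(len(self.files[name]))):
            if self.verify(name, version):
                return version, self.files[name][version][0]
        return None


def demo():
    store = VersionedStore()
    store.write("plan.txt", b"constructed sample, version 0")
    v1 = store.write("plan.txt", b"constructed sample, version 1")
    # Simulate a change that bypassed access control: the stored bytes are
    # altered directly by someone who cannot recompute the tag.
    _, stored = store.files["plan.txt"][v1]
    store.files["plan.txt"][v1] = (b"constructed sample, altered", stored)
    return store.verify("plan.txt", v1), store.latest_good("plan.txt")
```

With a real asymmetric signature the verifying side would hold only the public key, so a compromise of the storage or the verifier would not allow tags to be forged.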

Auditing and monitoring

Comprehensive auditing and monitoring capabilities are essential for security for several reasons. First, they allow the enterprise to ensure that its policy is being carried out. Second, they provide the owner of the information with the ability to track the usage of its data. Third, they are a major deterrent for potential abusers, who know that tamper-proof auditing and monitoring can help in identification. Finally, they provide the security administrator with tools to examine the security infrastructure, verify its correct implementation and expose inadequate or unauthorized usage.

End-to-End network protection

Security must also be maintained while the data is being transported over the network. The process of transferring data must in itself be secure. Users that store or retrieve data must be authenticated, sometimes using strong authentication mechanisms. In addition, access control must ensure that users only take appropriate action, and that only authorized actions are carried out.

Auditing is required to ensure that a detailed history of activities can be reviewed and validated

A sophisticated user management scheme along with strong authentication capabilities is essential. Access control must allow the data, and access to it, to be departmentalized, and detailed logs for auditing and tracking every activity must be available.

Process Integrity

As data transfer is an essential part of a larger business process, it is critical to be able to validate that this step in the process was executed correctly. This requires the solution to provide auditing features, data integrity verification and guaranteed delivery options.

It's always comforting to know that there is still some honesty in the business world when we hear about Pepsi's action in alerting their main competitor. But I guess we have to accept that this is the exception rather than the rule; so who's deciding today whether to alert you to the fact that your corporate jewels are being hawked around, or are they just accepting that fate has dealt them a favourable hand?

