Cyber-Ark says Goldman Sachs indictment highlights need for secure data sharing
February 2010 by Marc Jacob
Reports that a computer programmer - charged with stealing data from a major bank - has been indicted by a federal grand jury in the US show how easy it is for valuable company data to electronically go walkabout, says Cyber-Ark.
"This case is interesting as it apparently involves a former member of the bank’s IT staff allegedly downloading software and allied data from his former employers’ servers, and relaying it to a German Internet account," said Mark Fullbrook, UK and Ireland director with the data security specialist.
"It’s also alleged that the ex-employee also stored company computer data at his home, ready to take to his new job. The fact that the man was earning $400,000 a year indicates how high up he was before he left the bank last June," he added.
More than anything, says Fullbrook, the case is a classic example of what can go wrong when you allow IT staff complete and unfettered access to the company’s data.
Whilst it’s clear that IT staff have the best chance of gaining unauthorised access to company data, had the data been stored in a secure and encrypted environment, then it could have been securely shared with only those staff that needed access, and logs maintained on who accessed what information and when, he explained.
"If private data is relayed across a company’s network in any way, it should be protected from prying eyes. This is commonsense IT security. Using this approach would have meant that those who should have had access to the data would have been able to look at it," he said.
"This case is a significant failure of IT security procedures at multiple levels as far as the financial institution is concerned. It is to be hoped that a full investigation will ensue and remedial action is taken, including installing a secure and managed file sharing solution, allowing staff access to the data they need, but in a highly controlled manner," he said.