Actu
Cyber-Ark says Goldman Sachs indictment highlights need for secure data sharing
February 2010 by Marc Jacob
Reports that a computer programmer - charged with stealing data from
a major bank - has been indicted by a federal grand jury in the US
shows how easy it is for valuable company data to electronically go
walkabout, says Cyber-Ark.
"This case is interesting as it apparently involves a former member of
the bank’s IT staff allegedly downloading software and allied data
from his former employers’ servers, and relaying it to a German
Internet account," said Mark Fullbrook, UK and Ireland director with
the data security specialist.
"It’s also alleged that the ex-employee also stored company computer
data at his home, ready to take to his new job. The fact that the man was
earning $400,000 a year indicates how high up he was before left the
bank last June," he added.
More than anything, says Fullbrook, the case is a classic example of
what can go wrong when you allow IT staff complete and unfettered
access to the company’s data.
Whilst it’s clear that IT staff have the best chance of gaining
unauthorised access to company data, had the data been stored in a
secure and encrypted environment, then it could have been securely
shared with only those staff that needed access, and logs maintained
on who accessed what information and when, he explained.
"If private data is relayed across a company’s network in any
way, it should be protected from prying eyes. This is commonsense IT
security. Using this approach would have meant that those who should have had access to the data, would have been able to look at it” he said.
"This case is a significant failure of IT security procedures at
multiple levels as far as the financial institution is concerned. It
is to be hoped that a full investigation will ensue and remedial
action is taken, including installing a secure and managed file sharing
solution, allowing staff access to the data they need, but
in a highly controlled manner," he said.
