Sometimes the threats we face aren’t in the Cloud — they’re in the office with us.
Many of the security issues we have discussed in this blog have revolved around protecting an organization’s data against external threats. Hackers and other cyber criminals pose a risk to organizations, but so do employees, especially since they have greater and even legitimate access to sensitive data. Fending off insider threats is much more difficult than locking down a system to prevent unauthorized access from the outside, but it is equally important.
Internal security teams sometimes lack the training to deal with internal threats. Or they just may not be prepared to treat the potential threats posed by their fellow employee with the same suspicion and scrutiny they would use to deal with external threats. But threats from insiders have potential to do far more damage and to leak far more data because they have legitimate access that goes as far as their user permissions allow.
Employees authorized to access the mainframe can cause data breaches through ignorance, carelessness, or malicious intent. A 2013 report from Forrester Research showed that 36 percent of data breaches came through employees’ accidental misusing of data. Security professionals need to take steps to make sure the systems they protect are as safe from authorized users as they are from hackers. Achieving that requires implementing several security best-practices including the following:
Encrypt sensitive data
Encryption is critical for keeping data safe from insider threats. Data is typically encrypted when it moves into and out of the mainframe, but data at rest (being stored) in the mainframe should also be encrypted so that it is not readable by employees that don’t need to have access to it to perform their job. Unless there is a need-to-know situation, administrators are better off not being able to see the data they administer. It’s critical that your data is protected from outside threats as well as from employees who don’t need to see it for their jobs.
Implement strong access controls
Automating password management will save your Help Desk employees time and increase the security of passwords. Without an automated system, an employee could more easily trick a Help Desk employee into giving out a password with elevated permissions. An automated system for password management protects the system from social engineering and other manipulative ways of hacking a system. And of course, not every employee should have access to every last bit of data. People should only be able to see what they need to see — so ensuring appropriate levels of access to data can protect against a database-wide breach.
One of the ways to prevent data from breach from insiders is through separation of powers. One employee, no matter how trusted, should not have full control over a system. Separating security duties can go a long way in keeping any one employee from accidentally or purposely leaking data. Staff members should not have access to data they do not own. Encrypted data with easily accessible keys is no more secure from internal threats than unencrypted data. Only the owners of the data should have access to the decryption keys. Dividing up responsibility for access to the system among multiple employees or departments can greatly reduce the risk of individuals compromising the system.
Clear audit trails
Employees will be less likely to attempt a data breach if their work can be easily traced back to them. An audit trail is a must-have for any security system. You must be able to trace back an exploit or a data breach to its source. Following a piece of data through the system will give insight into the different points at which it can be manipulated, providing you with the information you need to ensure its security.
One of the most critical elements of preventing data breaches from employees is through establishing a culture of security where everyone takes security threats seriously and everyone is empowered to point out and suggest fixes to weak points in the system.
Finally, remember — the cost of protection will always be less than the cost of a data breach, no matter whether that breach is in the Cloud or right in your own building. If you want to learn more about how you can increase the security of your mainframe system, read more about our data security software products.