ZDNetAsia : Printer Friendly - Insider threats still trouble Asian businesses

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------

Insider threats still trouble Asian businesses

By Vivian Yeo
Tuesday, April 15 2008 08:28 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,62040226,00.htm

More regulatory compliance in Asia can reduce the occurrence of insider threat in the region, according to security vendor CA.

P.F. Vilquin, CA's security director for the Asia-Pacific region, told ZDNet Asia Tuesday the region falls behind that of more mature economies like the United States in the use of technology such as identity and access management (IAM), to counter the insider threat.

In managing corporate security, Vilquin said Asian companies have done fairly well to put in place a strong foundation of perimeter security, he noted in an interview.

Three signs your company is vulnerable to the insider threat

1. No traceability software--the lack of an audit trail means you can't tell for sure what went wrong and who did it.
2. Lax provisioning of user access to IT systems--no one seems to know for sure whether a particular user gets permanent or temporary access to an application, or if user access provision should be removed immediately after an employee leaves the company's payroll.
3. Lack of formal policies concerning IT security--there is no document or code of conduct that spells out clearly what users at various levels should or should not do, such as connecting personal laptops to the corporate network.

Source: CA

Businesses are slower to adopt technologies such as IAM, due to a lack of formal regulations in Asia and user resistance in detailing work processes and policies, especially in automating processes such as user entitlement and workflow approval.

User resistance, noted Vilquin, comes with the mentality of wanting to be indispensable. "People don't want to explain what they are supposed to be doing and therefore it is very difficult…to put into a process, unless there is a regulation that forces them to do so," he said.

Automation, however, is an important piece of the security puzzle as it eliminates for example, human error, added Vilquin. History has shown that manual processes were to blame in most cases of data loss or leakage.

However, Asian businesses, and in particular smaller enterprises, will increasingly adopt IAM technologies as a result of falling costs and the desire to become more efficient in the use of IT systems, said Vilquin.

He said: "As the technology evolves, it becomes cheaper and easier to implement this kind of automation…because products mature--they integrate more [features], they get easier to deploy and the environment is usually simpler.

"There is still an advantage for the small companies to go with automation--even if they are small companies they usually do business with multiple partners, they may have a large set of customers, so the automation may not necessarily be geared toward improving their internal systems, but the external--making their customers' and partners' lives easier."