Insider threats still trouble Asian businesses
Tuesday, April 15, 2008 08:28 PM
A lack of compliance regulations in Asia adds to the problem, but falling prices of identity and access management tools could change things, says CA.
More regulatory compliance in Asia can reduce the occurrence of insider threat in the region, according to security vendor CA.
P.F. Vilquin, CA's security director for the Asia-Pacific region, told ZDNet Asia Tuesday the region falls behind that of more mature economies like the United States in the use of technology such as identity and access management (IAM), to counter the insider threat.
In managing corporate security, Vilquin said Asian companies have done fairly well to put in place a strong foundation of perimeter security, he noted in an interview.
1. No traceability software--the lack of an audit trail means you can't tell for sure what went wrong and who did it.
2. Lax provisioning of user access to IT systems--no one seems to know for sure whether a particular user gets permanent or temporary access to an application, or if user access provision should be removed immediately after an employee leaves the company's payroll.
3. Lack of formal policies concerning IT security--there is no document or code of conduct that spells out clearly what users at various levels should or should not do, such as connecting personal laptops to the corporate network.
Businesses are slower to adopt technologies such as IAM, due to a lack of formal regulations in Asia and user resistance in detailing work processes and policies, especially in automating processes such as user entitlement and workflow approval.
User resistance, noted Vilquin, comes with the mentality of wanting to be indispensable. "People don't want to explain what they are supposed to be doing and therefore it is very difficult…to put into a process, unless there is a regulation that forces them to do so," he said.
Automation, however, is an important piece of the security puzzle as it eliminates for example, human error, added Vilquin. History has shown that manual processes were to blame in most cases of data loss or leakage.
However, Asian businesses, and in particular smaller enterprises, will increasingly adopt IAM technologies as a result of falling costs and the desire to become more efficient in the use of IT systems, said Vilquin.
He said: "As the technology evolves, it becomes cheaper and easier to implement this kind of automation…because products mature--they integrate more [features], they get easier to deploy and the environment is usually simpler.
"There is still an advantage for the small companies to go with automation--even if they are small companies they usually do business with multiple partners, they may have a large set of customers, so the automation may not necessarily be geared toward improving their internal systems, but the external--making their customers' and partners' lives easier."
» Achieve enhanced server performance with energy-efficient blade technology
There are currently no comments for this post.