The Oracle Australia and New Zealand Middleware and Technology Blog.
Showing posts with label Data Security.

Friday, August 29, 2008

Can IT beat the clumsy human pt1


One of the greatest challenges is securing data, especially, for some reason, data that contains information on people. It’s almost like personal data morphs into the people it represents and wants to break free of the constraints placed upon it within the database and applications. When you look at how many ways data can escape these constraints, you often wonder whether it is possible to prevent humans from assisting in data breaches.

So let’s have a quick look at what can go wrong:

“Export” could be the greatest contributor to data breaches ever. How many people use this luxurious command to get data into Excel so they can massage it with pivot tables? Now, the clumsy human is a simple being, so files are often labelled like “first half year forecasts” or “details of registered guests”. Once this data is exported from the confines of a structured data store and let loose in the unstructured world, there is little that can be done.

“Web 2.0”: have you noticed how easy it is these days to share files across the internet via social network sites, cloud computing, software as a service, online storage, instant messaging, etc.? Indeed, except for Twitter, almost every other Web 2.0 technology is a haven for moving data. For the clumsy human it’s all too easy to store data somewhere in the cloud for convenience and backup assurance.

“eBay” unfortunately shows these clumsy humans like nothing else. Only last week it was revealed that a poor and, I suspect, now unemployed individual sold a work PC via eBay that contained private customer data. Regardless of what processes are in place, the clumsy human needs to follow them. Do we insist all devices with a hard disk be destroyed via some huge cheese grater when decommissioned? Probably.

“Smartphones” are again a great leveller when it comes to corporate security. Almost everyone has a phone with at least 256MB of RAM. This amount of RAM seems small these days, but 100MB can store several volumes of an encyclopaedia, or 1000s of contact details. With email synchronisation now more common, the clumsy human again doesn’t have a chance.

See part 2 of the clumsy human for some recommendations.

Friday, August 1, 2008

ANZ Technology Kick Off Data Security and PCI DSS

I would like to thank Michael Ryan from Vectra Corp, who presented at Oracle's Technology Summit in Sydney this week. Mike explained how PCI DSS is impacting organisations in Australia that store credit card details. Mandatory compliance will be introduced later this year around PCI. This means that organisations that have been delaying their compliance run the risk of a fine or multiple fines being issued by MasterCard or Visa. At worst, merchants may lose the right to transact with credit cards.

So is technology needed for PCI DSS? Well, the short answer is not really. In the USA, organisations have survived through most compliance regimes without implementing technology solutions. But what they are now finding is that compliance is costing a lot of money. So now that organisations are compliant, they are looking at how to reduce the compliance costs. This is where technology has an important role to play, since automation is the key to reducing costs. Some of the requirements of PCI include keeping patching up to date, user access security, encryption and auditing. All of these can be supported by Oracle's security solutions that will lock the database down and manage access and authorisation requests.

Here is Michael's presentation

Here are my introduction slides

If you would like more information, please contact me or Vectra.
Cheers