There has been a lot of buzz in the press lately about what happens to confidential data when employees are laid off or, in an even worse situation, a company goes out of business. This brings up an important issue for enterprises that face stringent industry and government requirements for controlling and monitoring what happens to their information assets. Who is accountable for the corporate data a company has amassed over its lifetime after it closes its doors?
One way to keep an eye on your data when you are in business is to automate IT operational tasks for continuous assessment of the risk profile, to bring unusual activity to your attention. Our CEO, Pat Sueltz, discussed the simple and complex aspects of IT process automation with eWeek's editorial director, Michael Vizard, for a podcast this week. You can check out the podcast here.
“Trust but verify” is the mantra in our log management world. Although log management is but one of the defenses in your security armoire, it is an important building block for monitoring user and system activities, so that you can identify and correct the gap between your security policies and the reality on the corporate network, a.k.a. the ground. Automated log management can also be extended to security information and event management, database activity monitoring, and managing compliance workflows.
If you're looking for other ways to make sure customer and business data isn't literally walking out the door, consider checking out Network World's podcast, "Why ex-employees are stealing your data." The podcast discusses results from a recent study conducted by the Ponemon Institute, "Jobs at Risk = Data at Risk." According to the survey of 945 people who lost their jobs in the past 12 months, 59% admitted to stealing company data and 67% used their former company's confidential information to leverage a new job. A particularly interesting finding we noticed: only 37% of these individuals were actually asked to leave their jobs – the other two-thirds either found a new job or left in anticipation of lay-offs.
In other words, whether employees have ill will against a company or not, there is no excuse for not protecting and monitoring your data. Another article on the subject in CIO Magazine yesterday brings up the issue of private data being auctioned off in fire sales as companies go out of business and improperly dispose of their sensitive corporate and customer information.
The privacy policies that are communicated to external parties like customers, employees, and other partners almost always discuss the treatment of information in the context of the business as a going concern. They even discuss how the information will be treated in the event of an acquisition or with their other subsidiaries. I have rarely seen them discuss what they do to your information if they just simply shut down.
Data governance continues to be a challenge today. Disaster Recovery and Business Continuity plans are also more the norm than the exception today. But if you are the IT Security team, have you given thought to how you would handle the corporate data (including all kinds of PII and logs) in the event of a company closure? As consumers, do we have any rights to the data and content we shared with this company during its lifetime? Shouldn’t it be just as natural for the company to be responsible here, just as we plan our legacy with wills and trusts in the event of a sudden life-changing event in our lives?
Posted February 26, 2009 in Security | Permalink