Martin MC Brown

Computing From the Front Lines

Employees cause most corporate data loss

I remember speaking many years ago about the issues of security in the typical data center (or, as we called them back then, server room). Talking to a room of IT managers with their own facilities, more than half were stunned when I talked about physical security as one of the most important aspects of any security system.

I was disturbed to find that almost a third had no type of physical security in place on their servers, or the room in which they were kept. Having visited some of the sites, I saw that some of them even showed off their 'datacenter' in glass-fronted rooms in reception to show how big and important their company was. A small proportion of these even let people walk into the room.

Today, I hope, we don't have these situations. I have no problem with allowing people to see your data center (escorted, of course), but allowing unrestricted access, as many of these companies did, means that vast chunks of your software and network security are thrown out of the window. If I can steal your machine, access the hard drive, or even just the console, it doesn't matter how many firewalls you have or whether your systems have token card access. With physical access, all bets are off in terms of getting access to your data.

Of course, there is still one group of users who not only have access to your hardware, but also to your software, and they account for a large proportion of security breaches and losses.

There is no solution to this problem, aside from the one I've been repeating for years - educate your users. Luckily, we have plenty of examples of where carelessness (or callousness) can have a direct effect on individual users. The TJ Maxx data loss, or in the UK the loss of details of every family claiming benefit, is something that will resonate with individuals. Explain to them that losing corporate data is akin to giving their credit card details out, and perhaps they would begin to take the issue more seriously.

What People Are Saying

If you want computer security

If you want computer security, stop the flow of electrons! It's those electrons that cause all the problems with computers.

There is no such thing as computer security. It is a myth.

You can manage risks (people) but you can't control them.

When I was in ROTC, the instructor had one lesson called, "Take care of your sergeants or your sergeants will take care of you!"

Give your people everything they need to succeed, including training and information, and they probably will succeed. If you set them up for failure, by not giving them proper training and resources, then you will suffer the consequences.

Wow.......... I'll always

Wow..........

I'll always remember one comment from a security officer when it comes to physical security: If I can touch your servers, they're no longer yours, they're mine.

You're right

Couldn't agree more. It's a tough pill to swallow. And once the damage is done, it's done. Doesn't matter if you have event log programs to track the changes. Would help though to have a dynamic log management system that allows and disallows changes to networks and consoles, etc. Just a thought.

Seth