Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
November 2009

Enterprises must treat Insider risk as they do external threats

If your enterprise is drawing a figurative line down the middle of its network and divvying up security differently between insiders and outsiders, then honestly, you're so six years ago. Get with it. Outsiders are on the inside today. Customers, business partners, suppliers, contractors, and anyone else who tunnels in through your network or walks through your company's front door and has authorized access to systems or data is an insider -- or is it an outsider? Either way, it doesn't really matter, the old paradigm is gone. Get over it. "Where the attack comes from is irrelevant," says blogger and senior vice president of strategy at eIQ Networks, Mike Rothman. "This idea of segmenting security defenses seems to be a marketing scheme and a very 2003 way to look at security. I always recommend to people that there is no insider. Everybody needs to be treated as an outsider. The old truism of trust-but-verify is absolutely critical." The firewall used to be the great divide between insiders and outsiders, but third-party access...

Features in this issue

  • Integrated change management reduces security risks

    by  Diana Kelley and Ed Moyle

    Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it.

Columns in this issue

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDataBackup

SearchStorage

-ADS BY GOOGLE

Close