by Sarah D. Scalet

Security Tools: Software Sentries

Jun 01, 2002
Intrusion Detection Software

You can’t erase every in-house security threat. But there is software to help you manage the risks. Steve Hunt, an analyst at Giga Information Group, puts the software into four categories.

1. Authentication software

It answers the question, Who are you? This category includes passwords, smart cards, biometrics and single sign-on technologies. Web single sign-on is often used as a single point of authentication for browser-based users accessing Web-based applications. Leading vendors include Netegrity and Computer Associates.

2. Authorization software

Operating systems such as Unix and Windows NT offer modest protection for controlling who has access to what files. Systems administrators can set permission levels so that certain users can read, write or execute certain files or folders. The problem? The settings are time-consuming to configure and easy for savvy users to override. Authorization software, sold by Computer Associates, IBM and others, enforces the rules you’ve set up.

3. Administration software

This software makes access control a little neater. Sold by Access360, BMC Software, IBM’s Tivoli Systems and others, administration software allows companies to keep track of all their users and what access those users have to specific data. It would allow a security manager to place one call instead of asking 25 systems administrators to change access levels, Hunt says. A company with 30,000 employees would spend about $1 million on software and consulting fees. But even then, Hunt says, a savvy internal hacker could cause problems.

4. Audit software

BindView, Counterpane and PentaSafe offer products and services for answering the question, What happened? They report security events and identify anomalies and trends. Companies use audit information to improve the quality of their applications as well as security.

Hunt says that CIOs can solve 90 percent of the threat by combining the use of tools such as these with corporate firewalls, internal VPNs and network intrusion detection tools. “That just cost you $2 million if you’re a big company, but you have to ask yourself, What would a competitive espionage breach cost you in market momentum, legal fees or embarrassment?” Hunt asks. “That’s when you take a walk through your cubicles and try to see how disgruntled your employees are.”