Two stories that hit the news lately were the leaking of the last book in the Harry Potter series, Deathly Hallows, and some of the fall TV pilots on the Web. Listening to the experts discuss the leak of the Harry Potter book, they all agree that it was someone who had access.Experts are unsure as to whether the leak of the fall pilots was a publicity stunt or internal leak. In the P&C industry, we do not have access to multi-million dollar blockbusters but we do manage sensitive information within our policy administration systems.
In this industry, we do a good job of creating security within our applications. But what are we doing about securing the systems themselves? How are we helping our clients to secure their systems? At a security conference that I attended, one of the presenters told of a client that glued all the USB ports on all company computers to prevent the loss of information. This is an extreme solution to the problem.
There is no easy answer to the problem. If you use a cryptographic file system, that will prevent unauthorized users from gaining access to the files. Authorized users can still view the information and the files will be automatically de-crypted when copied. It appears as though new operating system releases will help provide means to better restrict access to the system. There are some third party tools out there to manage file transfers but there is no silver bullet to solve this problem.
- By Howard Kennedy ISO Rating Service Technical Liaison/Technical Architect ISO-ITSIn this industry, we do a good job of creating security within our applications. But what are we doing about securing the systems themselves?