On a recent visit to London, Mike McKee, CEO of insider threat management company ObserveIT, dropped in to talk to Enterprise Times. We took the opportunity to ask McKee what the term really means. Who is that insider? A rogue employee? A partner? The cleaner? McKee said it encompasses any employee including contractors. A lot of organisations would not see a contractor as being a rogue employee as they are often invisible to many inside the company. Partners with access to systems are the same and as we increase the use of collaboration tools, their access to sensitive data is getting deeper.
One of the things McKee was keen to point out is that most of the time people are good people. The general assumption is that an insider incident has to be malicious. That is untrue. Everyone makes mistakes whether than be through a lack of training, knowledge or inattention. McKee gave the example of using the wrong app. For example sharing information with a partner via Dropbox only to discover that the company uses Box. Most employees will make that mistake which is exacerbated as BYOD and personal cloud spreads through the company.
McKee says that we need to do more to track the data in order to protect it. However, IT often no longer has a clue where the company data is. It is spread across company owned assets, cloud, personal devices and removable media. If we cannot see it then we surely cannot protect it. The only way to solve this problem is greater visibility over activity across devices and data. We need to identify the sensitive data and track how it is used.
The key to this is not just getting large volumes of alerts but usable alerts with context. This requires an understanding of the data, what people are doing and how it is being used. This is far more than behavioural analytics. It goes much deeper than that.
To hear more of what Barnes had to say listen to the podcast.
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there