Threat from within
0 likes394 views
The webinar discusses the challenge of protecting organizational content from internal threats, emphasizing that a significant percentage of security breaches are caused by authorized employees. It proposes various measures to enhance accountability, visibility, and traceability, including audit trails, user comments, and access management strategies. Nuxeo's platform is suggested as a solution to effectively manage and secure digital content while minimizing risks associated with internal access.
Threat from within
- 1. The Threat From Within! Frank P. Rocha, CDIA+ Director of Marketing – Financial Services
- 2. 2 Level Setting Todays Discussion • Today’s webinar is intended to foster thought, debate, and collaboration within you organization along with Nuxeo in order to determine the best course of action for protecting content within your organization. • The discussion today will be conceptual in nature. • It is NOT intended to lay out specific technical details for implementing the concepts I will present to you today. • The concepts discussed today have been proven and shown to be effective • For more information on how the Nuxeo platform can be leveraged to manage and secure you digital content, contact us at www.nuxeo.com.
- 3. The Threat From Within! Organizations are focused on preventing access from “external” agents. Breeches and malicious activity are often performed by “employees” authorized to access the very content they intend to damage. What steps can be taken to deter such activity? 2 How can organizations protect their content from malicious activity perpetrated by individuals with complete authorization to perform the activities they are engaged in?
- 4. 33% of threats come from employees 25% come from the extended enterprise (ex-employees / trusted partners) 87% are the result of inadvertent human error 82% result from lack of awareness /understanding of security threat - clearswift
- 5. As It Relates To Content ….. 5 • Someone in HR deletes a negative recommendation for a friend applying at the company. • A person in the mailroom writes an offensive comment on a piece of customer correspondence. • Claim Handler deletes information from the claim file of a relative. • Customer Service Representative examines file of celebrity for sale to media. • Loan Officer changes metadata to misfile documents after dispute with customer. • Customer Service Representative views company executive file without business justification. • Life Insurance employee views medical information of fellow employee.
- 6. Extremely Difficult to Prevent 6 • One of the most difficult security measures to enforce, is the protection of information from individuals who already have access to that information • Damage to the brand can be extensive (regulatory, punitive, trust) • The vast majority of employees are honest hard working individuals • At times the actions taken can be accidental • Many individuals guilty of such activity are unaware that their actions can be traced Actions taken by authorized individuals are extremely difficult to prevent. Today, we will discuss measures that can be taken during the implementation of your Content Services Platform to introduce Accountability, Visibility, and Traceability to dissuade malicious activity
- 7. AUDIT TRAILS USER COMMENTS SPECIAL CUSTOMERS FLAG & REPORT CONTENT IN CONTEXT CONCEPTS 1 2 3 4 5 6 7 ACCESS MANAGEMENT 8 AUTOMATIC VERSIONING LOGICAL DELETE
- 8. 8 Audit Trails • Audit trails should be displayed by default when content is accessed • Audit trails provide a visual confirmation that all access to digital content is being monitored and logged. • Should be displayed in reverse chronological order (newest first) • Display DATE/TIME/EMPLID/ACTION TAKEN • Can be maintained for the life of the contentAdditional Benefit Provides the employee with an immediate history of all actions taken on the content, when, and by who.
- 9. 9 User Comments: Optional/Mandatory • Augments Audit Trails • Should be displayed with Audit Trails • Audit Trails tell Who, What, and When; Comments tell “Why?” • Standardize if reporting on comments is required • Comments can be optional or mandatory • Mandatory further enforces that access must be performed in the normal course of business Additional Benefit Explains to supervisors why actions were taken.
- 10. 10 Special Customers • Manage access based on special customers list: • High Profile Customers • Company Officers, Executives, Employees • Restrict access to particular roles or levels of security Additional Benefit Prevent “inquisitive” minds. (people just being nosy).
- 11. 11 Flag & Report Unauthorized Access • Provide a visual indicator that unauthorized or inappropriate access has been attempted • Provide immediate notification to IT Security • Immediately suspend further access if necessary Additional Benefit • Visual warnings can serve as successful deterrents to future activity. • Allows IT Security/HR to take immediate and appropriate action. • Can feed analytics and trend analysis.
- 12. 12 Content in Context • Only deliver the relevant content necessary to perform the task at hand. (typically workflow driven) • Only allow ad-hoc access to relevant content Additional Benefit • Reduced payload and complexity of workflow
- 13. 13 Access Management • Manage access in real-time • Provide access only during a given task • Access today, does not mean access tomorrow Additional Benefit • Provides granular control of content access • Protection for highly sensitive data • Enforces “Need-to-Know” access
- 14. 14 Automatic Versioning • Versioning should be automatic when content is modified • Important if “structural” modifications are allowed (merge, split, add page, delete page, rearrange pages, etc) • Modified version becomes current version • Visual indicator that “other” versions exist. Additional Benefit • Establishes content tracking • Allows users to see what modifications have been made and by who
- 15. 15 Logical Delete • An employee should never be able to “physically” delete content • Content is simply “flagged” as deleted or moved to Recycle Bin • Restricts content from default search results • All deleted content can be display if explicitly requested • Only persona of Records Manager can physically delete content Additional Benefit • Removes uncertainty – “Is the system losing content?”
- 16. CONCLUSION: Accountability, Visibility, & Traceability • Protecting content when access is authorized is extremely challenging • Must ensure the integrity of your Content Services Platform • Simple measures can introduce Accountability, Visibility, and Traceability • Provide for the protection of content and a tracking mechanism for actions taken and by who 16
- 17. The Nuxeo Advantage 17 Function Delivered by the Nuxeo Platform Audit Trails User Comments Special Customers Flag & Report Content in Context Access Management Automatic Versioning Logical Delete
- 19. Thank you! Contact information Frank P. Rocha, CDIA+ frocha@nuxeo.com