The Problem of Privilege Management in Data Security

I was writing a whitepaper recently on privilege abuse and I noticed spellcheck had picked up on a typo on the word ‘privilege.’ I right-clicked, and the thesaurus gave me some possible alternatives which really made me think about what it is for a user to be privileged. [Figure 1: Definition of ‘Privilege’] Imagine if we actually thought about the people we are granting privileged access to …

When is a Data Breach Really Considered a Data Breach in the USA?

Here at Lepide we talk a lot about how we help companies identify and prevent data leakage and how we can help mitigate the risks of data breaches. However, it’s not always clear what constitutes a breach in real-world terms. At what point is a breach technically a breach (i.e. what conditions need to be met before you are liable to disclose)? In the USA, definitions vary …

How Auditing Access Rights, States and Changes Helps Strengthen Security

According to an IBM study, 60% of attacks come from inadvertent or malicious insider misuse. The importance of ensuring you’re able to keep track of what your most privileged IT users are doing cannot be overstated. So, ensuring you have the appropriate means to track your most privileged users, and ensuring that granting of access rights is appropriate, should be a critical part of all IT …

Why IT Security Is Inside Out

We think there’s a big problem with how a lot of organisations approach IT security – and here’s why. We speak to IT teams on a daily basis about their security measures and hear all the same products being referred to and the vast sums of money spent on ensuring their systems are secure. However, the reality is that so many of the deployments of these security solutions fail due …

How will the GDPR Affect Companies in the USA

The United States has a number of different laws surrounding the protection of personal data such as HIPAA, SOX, PCI-DSS, and FTC, to name a few. Although the US does have numerous data laws, including the United States Privacy Act, Safe Harbor Act, and HIPAA, there is still a need for a centralized regulatory framework to deal with the collection, use, and dissemination of personal data. This …