Dark Reading has highlighted some very interesting statistics from the InformationWeek 2010 Strategic Security Survey.
“One statistic worth noting is that 55 percent of respondents to the InformationWeek survey said they monitor to reduce unauthorized attempts to access sensitive data. Unless those respondents’ data is accessed through Web applications, they will need something beyond the typical Web and e-mail monitoring tools — something in the realm of database activity monitoring or data loss prevention solution that can monitor and report on usage of sensitive data.”
There is no doubt that organizations will be implementing technologies to help them monitor employee access. What is required to achieve this objective without coming across as “big-brother” is the visibility to who has access to sensitive information resources, and the ability to determine whether it is actually needed in order to do their job.
Having an authoritative source for access governance policies coupled with data risk classification and activity monitoring technologies provides both a preventative and detective control environment that will enable organizations to achieve the principle of least privileged access while dynamically managing access risks.