[Skip to Content]
Fresche Quadrant Software BCD Software SoftBase NetLert

Posts Tagged ‘IP Theft’

To best prevent internal data theft, use multiple lines of defense

All Baseline Posts, Data Security, Regulation Compliance

Fogarty’s article on data theft does an excellent job of describing the root cause of Intellectual Property (IP) theft – human emotion. In environments where IT specialists are an integral part of creating and managing IP, the techniques Fogarty describes seem to be best defense. It’s not like you can prevent these employees from accessing IP. But when it comes to protecting sensitive customer data from internal theft, I would argue that organizations should use data masking as an additional line of defense.

A huge security hole exists when database applications are tested using real customer data. The test-data standard for most organizations is to copy data from their secure production database into the test environment, where the data can easily be copied to another computer or a flash drive. As Fogarty mentioned, most organizations use retroactive policies such as non-disclosure agreements, which do little to stop a determined thief.

Could you imagine the damage a disgruntled application developer could cause with all of your organization’s customer information? Credit card numbers, social security numbers, addresses, email addresses… We are talking about immediate class action lawsuits here! Organizations who leave this kind of security hole open are simply playing with fire. Internal data breaches account for over 70% of all data breaches. With data breaches in the US costing on average of $7.2M in business and legal costs, organizations need to keep their customer data under lock-and-key!

A growing trend for preventing internal data breaches is to mask sensitive test data. This simply involves obfuscating sensitive customer data, rendering it useless to a thief. Several third party applications exist for data masking, across all platforms. The most effective masking solutions copy data from production, mask the sensitive data, and then dump the masked data into test. And that’s exactly what TestBase does. Beware of solutions which mask data only after being copied to the test environment – these leave a wide window of opportunity open for a thief.