Database Analyst Steals Credit Card Data
This blog post was inspired by a recent report of a Database Analyst at American Express stealing Credit Card data.
It’s amazing how many companies still follow a mainly “perimeter security” approach when it comes to controlling access to sensitive information—their focus is on network security using firewalls, advanced authentication options, and so on. Even with such measures, it’s very common to set up strong barriers to the outside world but very little by way of internal limits; most internal people have some level of access to servers that store and process sensitive data.
Well, there’s nothing wrong with pre-screening your staff, or having access to the sensitive information, or setting up advanced authentication. Nevertheless, we at Pythian always hear this argument: “Our environment is much more secure if only exposed to a very limited number of people.” If, however, security stops here, this is a very shortsighted position.
