40476 Düsseldorf, de
+44 (20) 71832-832
Cyber-Ark says Goldman Sachs indictment highlights need for secure data sharing
"This case is interesting as it apparently involves a former member of the bank's IT staff allegedly downloading software and allied data from his former employers' servers, and relaying it to a German Internet account," said Mark Fullbrook, UK and Ireland director with the data security specialist.
"It's also alleged that the exemployee also stored company computer data at his home, ready to take to his new job. The fact that the man was earning $400,000 a year indicates how high up he was before left the bank last June," he added.
More than anything, says Fullbrook, the case is a classic example of what can go wrong when you allow IT staff complete and unfettered access to the company's data.
Whilst it's clear that IT staff have the best chance of gaining unauthorised access to company data, had the data been stored in a secure and encrypted environment, then it could have been securely shared with only those staff that needed access, and logs maintained on who accessed what information and when, he explained.
"If private data is relayed across a company's network in any way, it should be protected from prying eyes. This is commonsense IT security. Using this approach would have meant that those who should have had access to the data, would have been able to look at it" he said.
"This case is a significant failure of IT security procedures at multiple levels as far as the financial institution is concerned. It is to be hoped that a full investigation will ensue and remedial action is taken, including installing a secure and managed file sharing solution, allowing staff access to the data they need, but in a highly controlled manner," he said.
For more on the Goldman Sachs exemployee indictment:
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to firstname.lastname@example.org.