Revealed: Insider Data Breach at Ford
Posted by Kurt Johnson - VP Strategy on Mon, Oct 19, 2009
Last week a former Ford product engineer (from 1997-2007) was arrested at O'Hare airport and charged with stealing 4,000 sensitive design documents worth millions of dollars. According to reports, Xiang Dong Yu, 47, of Beijing, was charged in a five-count indictment with theft of trade secrets, attempted theft of trade secrets and unauthorized access to a protected computer. Apparently he stole this data back in 2006 before he left the company and has been using it to try to gain employment with other rival manufacturers in China.
As we continue to see these instances of data theft in the news, companies need to be laser focused on implementing strong Access Assurance strategies that ensure that the right people have the right access to the right resources and are doing the right things. When an employee leaves a company or changes roles, access policies need to be enforced immediately to prevent these types of breaches, especially in organizations where proprietary data is the stock-in-trade. A complete Access Assurance solution, including detective and preventative controls, helps alert IT managers to inappropriate access to sensitive data so they are able to remediate potential risk.
We talked last week about the evidence of a growing IAM market, as organizations are clearly working to address these challenges. But IAM is moving beyond traditional boundaries in organizations and needs to encompass elements of preventative and detective controls by reaching out to various monitoring technologies to assure that information gets into the right context to drive remediation.