Tuesday, February 20, 2007

DuPont Data Theft

I always say if you can't trust your IT staff then you've got a problem. Then again, it's not about trusting the people, it's more about trusting that the controls in place are enough to keep the honest people honest. Just like the locks on your doors. If someone really wants to break in badly enough then they will likely find a way, but if you leave the doors unlocked then maybe even an honest person will be tempted.

The DuPont thing is so sleazy that a company really would have to be desperate to hire someone that stole so much data from his prior employer. I'm not saying that this guy Min's new employer knew what he had done, but it's pretty strange that 4 months after signing on with the new employer he's still working for the competition. This is why Identity and Access Management is so important. Only give people just enough access to the applications they need to do their jobs and nothing more. But beyond Identity and Access Management, monitoring is critical for detecting such anomalies as mentioned in the DuPont story.

