Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT's Roving Eyes

Pop quiz: Who's most likely to tamper with sensitive data in your enterprise?

  1. An external hacker with no privileges on your network.
  2. An end user who needs a password just to access the company holiday schedule.
  3. An IT staffer who owns the root passwords to every server in the enterprise.

The answer is obvious. Yet, while 99 percent of security technologies and policies are geared to restrict the access of A and B, virtually nothing is being done to protect systems and data against tampering by the one organization that could most easily do it: The IT department itself.

As the keepers of the keys, IT and security staff have the best chance to access sensitive corporate data without being detected. Officially, IT people say they never access systems or documents except on authorized business, such as an audit or a security investigation. Unofficially, many IT people concede that they regularly see abuse of security privileges.

Get the rest of the story at Dark Reading.

Tim Wilson, Site Editor, Dark Reading