2010 Market Pulse Survey: Moral Grey Area Exposes Companies to Data Theft

SailPoint recently announced the results of our 2010 Market Pulse Survey focused on employees’ attitudes toward company data. We got some pretty startling results from the more than 1,500 workers polled in the U.S. and Great Britain:

Half of the respondents said they would take company data with them when leaving a job. A full 27% [...]

Don’t Underestimate the Risk of Privileged Users

A few weeks ago, I was out on the West Coast talking to companies about privileged user management and identity governance with our technology partner, Cyber-Ark. This is an area of real concern for lots of organizations – and rightfully so. During our meetings, we exchanged real-world “horror stories” about insider fraud and sabotage. One [...]

What’s the Most Direct Path to Good Corporate Governance?

Last week’s oil spill has me thinking about how – and when – government regulation is the ideal path to mandate corporate governance. Specifically in the IdM space, I’ve watched government regulations evolve to address transparency, privacy and consumer data protection. As I look back at what’s happened, it’s apparent that most of these data [...]

Feet on the Street: RSA Highlights Cloud and Cybersecurity

This week, several members of the SailPoint team made the annual trek to the industry’s biggest security event, the RSA Conference. As always, the conference was a high-paced mix of conference sessions, technology debates, and meetings with customers and partners.
I’m always interested in what themes get the most play at RSA. This year, I’d have [...]

Market Pulse Survey: Divide Between Business and IT Persists

We recently conducted our third Market Pulse Survey, which focused on the key drivers of access certifications and how organizations ensure their access privileges align with business policy. According to the 150 respondents, including many readers of this blog, there is clear evidence business users involved in these processes don’t fully understand what they are [...]

U.S. Data Security Laws: Is There Another SOX in your Future?

A recent Forbes feature, “The Year of the Mega Breach,” caught my attention last week. It includes a slideshow of 2009’s largest security breaches, and concludes that this year alone, more personal information was exposed through data breaches than ever before. The article appeared amid news about a T-Mobile data breach, and Health Net and [...]

IDC/RSA Survey Highlights the Cost of Insider Threats

Like many in the industry, this week’s RSA-sponsored IDC report, “Insider Risk Management: A Framework Approach to Internal Security,” caught my eye. The report led with the finding that 52% of the respondents “characterized their incidents arising from insider threats as predominantly accidental.” This in turn triggered a media storm pointing to careless, incompetent or [...]

Goldman Sachs Tries to Catch a Thief

I came to work this morning to read a Bloomberg article, “Goldman May Lose Millions From Ex-Worker’s Code Theft,” about a recent data breach. The details are still coming in, but allegedly a former computer programmer from Goldman Sachs, Sergey Aleynikov, downloaded and stole a copy of proprietary trading software. To me, this is an [...]

All’s Fair in Security?

I read an interesting piece in InfoWorld by Roger Grimes, “A Sweet Solution to the Insider Threat.” The premise of Grimes’ article is that companies should use computer decoys, or “honeypots,” to catch workers attempting to login to resources they have no business reason for accessing.
Honeypots by their very nature are fake computers that nothing [...]

Getting Real about Transparency: What You Can’t See May Bite You

In SailPoint’s second Market Pulse Survey (announced yesterday), we asked Global 2000 companies about how they are managing IT risk given the economic downturn and resulting corporate churn. Not surprisingly, given the recessionary budgets and resource allocations these companies are facing, the survey showed that companies remain very exposed to the risks of insider threats [...]