When California Senator Dianne Feinstein (D-Calif.) re-introduced legislation on data breaches and individual privacy last week, enterprises were already trying to get ahead of the bills.
For example, enterprises are increasingly tying data loss prevention (DLP) functions into their identity and role management products. Take Computer Associates (NASDAQ: CA), which just announced last week that it acquired data loss prevention (DLP) vendor Orchestria to beef up its security products.
If the pace of data breaches reported each year keeps rising, expect to see integrated solutions like this become increasingly important. The Identity Theft Resource Center counted 656 reported breaches in the past year, 47 percent more than the 446 reported in 2007. The ITRC is a non-profit corporation that battles identity theft nationwide.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iLast year, Microsoft and RSA announced they would integrate their products to provide DLP to users.
"Governance and compliance are tied in closely with DLP and identity and access management," Bill Mann, senior vice president of security management at CA, told InternetNews.com. "It's critical for organizations to identify who has access to data by identity and role," Mann said.
Indeed it is; 50 percent of 179 companiessurveyed by research firm Enterprise Strategy Group said internal breaches were directly responsible for the loss of confidential data over the past 12 months. Another 11 percent blamed a combination of internal breaches and external attacks for data loss.
Saving time and money
"Organizations have spent a considerable amount of time creating roles and rules for identity policy access and control," Diana Kelley, founder of security advisors SecurityCurve, told InternetNews.com by e-mail.
"Often, one entity, such as an account manager, requires access to, or needs to create, a sensitive piece of data such as a bank account, to which other entities should not have access; so tying identity or role awareness to data protection is useful for the business."