Friday, March 12, 2010

Leaky pipes, call a plumber. Leaky data, call PwC & Oracle


Enterprises are moving from “Who has access to what?” to “What are they doing with it?”

Data & Identity theft has a potentially enormous financial impact on the enterprise through damage to brand reputation, regulatory penalties, and competitive theft.  But protecting against misuse of resources is an increasingly challenging issue in a world of Cloud Applications, globally dispersed teams, and networks open to multiple devices, contractors, and Web 2.0 applications.

"A small leak can sink a great ship." - Benjamin Franklin

Is this really a problem?
  • Trust me – According to Wikipedia, an Ethical Hacker, or White Hat, is “the hero or good guy, especially in computing slang, where it refers to an ethical hacker or penetration tester who focuses on securing and protecting IT systems.” While the concept is reassuring, 90% of tests by White Hats succeed in getting sensitive information.
  • The FTC puts the annual business loss from ID/Data Theft near $50 billion.
  • Over one-quarter said the incident resulted in brand/reputation damage.
  • With growing profits, sophisticated techniques, lagging international laws, and the migration from a basement hobby to an organized crime syndicate – this is an area of growing opportunity which is increasingly hard to prosecute.
  • Identifying and protecting sensitive data requires a deliberate process of understanding your existing risk and “plugging the leaks”.
  • This is NOT just an IT issue, it is an overall business issue.

Why have we missed this?
  • Why? - While portable/accessible information is crucial to fast moving collaborative businesses; sharing data can lead to unintended consequences.
  • What is it? - Sensitive or regulated information including Intellectual Property (“IP”), Personally Identifiable Information (“PII”), trade secrets, sales/customer data, and payment card data are all open to be misused or compromised.
  • What is the impact? – Beyond the obvious risk of fines and lawsuits, breaches can lead to a long term impact on brand reputation, competitiveness, and financial well-being.

Is this a growing problem?
  • These thefts are increasingly driven by organized, motivated, and sophisticated groups that are well compensated for their success.
  • In a down economy with growing layoffs and fears of unemployment, employee loyalty is the Enterprise equivalent of a unicorn.
  • Global businesses rely on international collaboration networks, distributing information through a variety of methods—potentially leaving companies more exposed.
  • IP loss leads to counterfeiting, fraud, and from there loss of revenue with lasting negative effects on brand value and corporate reputation.
  • Existing IP protection is not designed to detect targeted hacking or electronic espionage activities.
  • Standards such as Payment Card Industry (“PCI”) or Sarbanes-Oxley (“SARBOX”) create a false sense of security as they are very finite in scope.

What did we do before?
  • Ignorance is Bliss – Most felt, “This will never happen to us.”
  • The Gong Show – Historically, attacks were driven by outsiders who were disorganized amateurs working from their parents' basements.
  • Not my job – “This is an IT issue.”
  • Risk Reward Ratio – Previously the impact was negligible compared to the cost of solving the problem.
  • Unicorns ARE real – “We trust our employees to secure our information.”
  • Who Cares – “We passed our audit, so we’re safe.”

What should we be thinking about now?
  • Enterprises, regardless of their size, vertical, or location, need to confront a real and growing risk from data and identity theft.
  • Data loss is from organized groups, internal employees, and comes from physical loss, data exchanges, fraud, and human error.
  • Corporate data losses open the door for employees and customers to experience fraud and personal identity theft.
  • Employees and collaboration networks are the most common data leak sources.
  • Data protection is not just a C-Level issue, it is a CEO-level concern.

What do I do about it?
  • Data Security Audit – Understand where your sensitive data is, where your leaks are and what your options are for plugging the leaks with the help of PwC.
  • Data Loss Protection (“DLP”) – Leveraging integrated tools from Oracle partners including McAfee and Symantec, Enterprises have the tools to look at data on the network or in flight to understand how sensitive it is and allow the enterprise to respond.
  • Oracle Information Rights Management (“IRM”) – Provides a uniquely efficient response to sensitive data highlighted by DLP products. Oracle IRM allows Enterprises to continue to share sensitive data while protecting it from misuse or theft.
  • Oracle Identity & Access Management (“IAM”) – Extends the standard provisioning of access rights and roles for applications to data and content by working closely with Oracle IRM.

  • Founded in 1998 with the merger of Price Waterhouse and Coopers & Lybrand, their client history dates back to the nineteenth century combining a global perspective with a local focus and deep understanding of US national issues.
  • Originating in London in the mid-1800s, PwC has 16 industry sector concentrations with unique expertise in assurance, tax, human resources, transactions, performance improvement and crisis management help to resolve complex client and stakeholder issues worldwide.
  • Driving innovation from global financial services and public sector or military to non-profits, and relief agencies their collaborative model to create innovative solutions to today's most complex business issues.


For more information:
  • Contact: Gary Loveland
    Principal, National security practice leader
    Tel: +1 (949) 437 5380



4 comments:

  1. I like that quotation by Mr. Franklin. Even the smallest holes can prove to be persistent and more dangerous than big ones. In this case, ignorance is not bliss.

    Dwane Zelinsky

  2. If the plumber does not have his own general liability policy, any damages would be covered by your homeowners insurance. Denver plumber

  3. Make sure they are taking all precautions and measures related to the security. Advise them the exact point where you want valves for shut off. And lastly, not to be over friendly with them, because this could put them in a state of overconfidence that could result in poor progress. plumber Owasso
