Peeping on celebrity files - How to gain control
February24, 2009 (ZDnet)
In a recent commentary by Brian Cleary, vice president of marketing for Aveksa, which provides comprehensive, enterprise-class, access governance, risk management and compliance solutions, he discussed the problems associated with privacy and security of one's personal information.
He wrote that employees are all too commonly viewing the private records of political figures and celebrities by taking advantage of access policy gaps at the companies they work for and thereby exposing their organizations to risk. A recent example he used was the announcement that on Nov. 22, 2008, Verizon had fired several employees who had looked at the cell phone records of newly elected president Barack Obama.
Mr. Cleary went on to state that politicians and celebrities use cell phones, apply for passports and seek healthcare at major hospitals just like everyone else. The biggest concern should not necessarily be that employees are accessing the information illegally, but that the network databases that store this information maintain poor security controls and/or how user access to the data is governed.
Organizations are reporting with increasing frequency that their employees are accessing the account records of public figures, and suspensions and firings are being announced on an almost weekly basis. Defining IT security protocols is not enough, because these are simply words on paper. To be effective and consistently applied, these security controls and policies need to be a set of automated controls.
Mr. Clearly states that organizations need to implement automated controls for access delivery and change management that ensure policies are being applied in a consistent fashion and access related risk is avoided.
The right solution requires a strategic approach for access governance that is based on automated business processes and controls for managing the constant change to user access while ensuring visibility and accountability of access across the entire enterprise.
YOUnite's patented technology offers a unique solution to the problem of data security and specifically addresses the issue of data control and access to personal information through the notion of "distributed sharing of personal identity attributes". Attributes can be described as any characteristic or preference relating to a specific individual. Attributes are information or details that are non-changing (i.e. eye color, date of birth, etc.), while personal characteristics and preferences are items that can change over time (i.e. contact details, your age, favorite food or color, etc.).
By deploying YOUnite's patented technology into the IT infrastructure, an enterprise IT administrator would be able to implement strict controls over the access to information with granular control (e.g. specific elements of data rather than complete databases) and on an individual basis. Moreover, the information would not have to be stored on any third party networks, thereby enabling the enterprise to have complete control of their data at all times.
What this means is that access to any particular pieces of information could be strictly applied - in an automated manner - to specific individuals or categories of individuals, rather than being controlled by generic passwords or unmonitored policy protocols.
The use of YOUnite's patented technology provides the enterprise and the individual user with a unique solution to data security, privacy and control. A solution that facilitates selective sharing of personal information on an individual basis with complete granularity and control.
For more information, please visit our website and while you're there, read through our Resources Section for specific Use Cases and White Papers.