Data Privacy | Insider Threats | Cybersecurity | Compuware
October 30, 2018 Cybersecurity, Data

Data Privacy and the Insider Threat: You Can’t Afford to Separate Them

[Average: 4.3]

Overview: Your efforts to privatize data are closely related to finding and thwarting insider threats. But these focus-areas are often siloed. Learn why they should be working closer.

 

Mainframe professionals often tout their platform as being the most secure platform available to large organizations. But it’s also true many of them have a false sense of security, to the extent they believe the mainframe is practically invincible.

We need to look at the mainframe as being securable, rather, and only when we deploy the proper tools and techniques to enable that. Especially today as insider threats become more common, any system can be infiltrated, and data can be pilfered, regardless of how advanced a platform’s inherent security may be.

There’s also a cultural aspect to this securability that must be considered. Like other areas in mainframe IT, security has always been siloed from other disciplines and has contained its own silos. One team has traditionally focused on data privacy compliance while another team has kept busy protecting assets and hunting insider threats.

But these teams really should be working closely with each other. The sensitive data one team is trying to protect from the insider threats is the same data another team is privatizing and reporting activity on for compliance. If there’s a breach, the two teams must work together to understand what data was breached and what the impact was.

Tools and Techniques

As for tools and techniques organizations can leverage to help enable this collaboration between groups and tighten security on their mainframes, RSM Partners is enabling customers to improve infrastructure-level security with products like zDetect while Compuware monitors user application behavior and provides visibility into activity of insider threats with Application Audit. You can learn more about those solutions as well as how they work together in this blog post and webcast.

Compuware also makes it easy to mask sensitive data to protect individuals’ identities and business-confidential data with Test Data Privacy, available through Topaz for Enterprise Data.

In addition to the software RSM Partners offers, it also provides security assessments and pen tests to help customers ensure their mainframes are secure when data lands on it. Furthermore, it offers security as a service to customers by providing them with a technical liaison of sorts who works with various security roles to maintain communication between siloed teams.

The Big Security Picture

If you’re breached and your security people handle the breach and find the culprit, your compliance people still have to report to regulatory bodies and customers. But if these teams are siloed, they may not have the information or know they were breached until later. Failing to report this information in time compromises compliance and leads to financial penalties.

If you don’t see the whole picture, you’re going to miss something, and that’s a risk. Because something that happens in the realm of one team could have a profound impact on another area, and the failure to maintain awareness could have a profound impact on the success of your business.

The following two tabs change content below.

John Crossno and Mark Wilson

John Crossno is the Product Manager for Compuware’s Security Solutions. In addition to his history of a pragmatic approach to product management in various mainframe software and storage environments, he has an extensive background in development and field technical services. Mark Wilson is Technical Director at RSM Partners. He has over 30 years of technical IT experience, with a broad range of skills covering all aspects of a modern data center. The majority of his experience was gained in a hands-on technical roles performing a variety of duties in many diverse environments. He has extensive experience in z/OS systems programming and in-depth experience with IT security, especially on IBM mainframes but also for UNIX- and PC-based systems and cross platform environments.

Latest posts by John Crossno and Mark Wilson (see all)

Share: