The danger of losing your digital assets in a down market

Flask Data provides a one-stop cloud subscription for EDC, data management and statistics.

Any information security professional will tell you that security countermeasures are comprised of people, processes and technology.  The only problem is that good security depends on stable people, processes and technology.

A stable organization undergoing rapid and violent change is an oxymoron.

People countermeasures are a mix of security awareness training, background checks (at a depth proportional to job exposure to sensitive assets), and deterrence.  Andy Grove once said “Despite modern management theory regarding openness – a little fear in the workplace is not a bad thing”.  When a lot of employees are RIF‘d – there is a lot of anger and people who don’t identify with their employer; the security awareness training vaporizes and fear and revenge take over. Some of the security people will be the first to go, replaced by contractors who may not care one way or the other or worse – be tempted by opportunities offered by the chaos.

Processes need to be implemented in a way that ensures confidentiality, integrity and availability of customer data.  A simplistic example is a process that allows a customer service representative to  read off a full credit card number to a customer. That’s a vulnerability that can be exploited by an attacker.  In a merger or acquisition – business processes change and if one believes in Murphy’s law – never for the best.    A rule of thumb I like to use is that many security vulnerabilities lie in the cracks of systems and organizational integration – in an M&A – those cracks can look like the Grand Canyon.

Technology countermeasures are never a panacea and must always be measured for cost-effectiveness.  Today’s defense in depth strategy is to deploy multiple tools at the network perimeter and endpoint. Firewalls,  IPS and malicious content filtering at the perimeter and  removable device control and personal firewalls at the endpoints,

Although defense-depth is a sound strategy – it can develop three vulnerabilities in times of rapid organizational change.    One – most defense in depth  information security is focussed on external threats while in an  organization undergoing rapid change – the problem is internal vulnerabilities. Second – defense-in-depth means increased complexity which can result in more bugs, more configuration faults and … less security instead of more security. Three – when the security and executive staff is cut, security monitoring and surveillance is suffers – since there are less (or no) eyeballs to look at the logs and security incident monitoring systems.

Claudiu Popa, president and chief security officer of data security vendor Informatica Corp. recently told  Robert Westervelt in an interview  on that “mergers and acquisitions force IT security pros to be more aware of internal threats”.

No argument  – until the closing paragraph which had some dangerous best-practice boilerplate:

Adequate security is difficult to implement, but once an organization reaches the right level of maturity, security measures will not only save time and money, but also contribute to improved credibility and efficiency.

Correct- but for an organization firing 30% of it’s workforce over night – words like maturity, credibility and efficiency go out the door with the employees.

Related Posts Plugin for WordPress, Blogger...

Flask Data is a technology company with a strong people focus. We are a diverse group of computer scientists and clinical operations specialists based in Israel, the US and India. We are accomplished at providing our customers with the most effective way to achieve high quality clinical data and assure patient safety. There is no single solution that works for every clinical trial. We work hard to understand your unique situation. We work with your team to develop the best solution to achieve high quality clinical data and assure patient safety the same day you engage with patients.

Flask Data – same data data and safety solutions for clinical trials.

Contact us to learn more

Tell your friends and colleagues about us. Thanks!
Share this

Leave a Reply