After the recent WikiLeaks disclosures, which have left their mark on life on the internet and beyond, many businesses and organizations have begun to fear for their security posture and corporate data.
Social networks and new technologies such as cloud services are gaining the attention of businesses and employees alike. As a result they are widely used, even in the workplace, but without the appropriate security measures needed to keep systems working in the face of hackers.
Below are three important ways to address these threats:
1st Step: Authentication
The authentication process validates a user's identity. For more than 10 years businesses have used it to provide users (employees) with usernames and passwords, so that they can access web applications and the company's information system. In this way employers grant users the right to access business applications and can control everything that is processed during use. You can define separate access policies according to the type of user, e.g. one for employees, another for partners and a different one for customers.
2nd Step: Authorization
Authorization is a security policy that defines the type of data a user has access to. The disclosure of documents by WikiLeaks is a great example of a lack of authorization. Very few people should have access to confidential information, which was not the case there.
3rd Step: Accounting
Essentially, accounting controls the reliability and security of the information system. The most popular method to make this possible is electronic discovery (e-discovery), which not only preserves historical records of our actions but also helps in forensic investigations. There are many applications that can help you with this; they usually work by sending an email each time they record something. New features are in the spotlight.
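The three steps above combined in one access path, as an added example that is not code from the original article: every read is authenticated, checked against a per-user-type clearance, and recorded whether it is allowed or denied. The user types beyond employee, partner and customer, the classification levels, the PBKDF2 parameters and the hash-chained log are assumptions of this sketch.

```python
import hashlib, hmac, os, time

# Constructed policy: the highest data classification each user type may read.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}
CLEARANCE = {"customer": "public", "partner": "internal",
             "employee": "internal", "records_officer": "confidential"}
USERS = {}      # username -> (salt, password hash, user type)
AUDIT_LOG = []  # accounting trail; each entry is chained to the previous one

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password, user_type):
    salt = os.urandom(16)
    USERS[username] = (salt, _kdf(password, salt), user_type)

def authenticate(username, password):
    # Step 1: validate the claimed identity; returns the user type or None.
    salt, stored, user_type = USERS.get(username, (b"\0" * 16, b"", None))
    ok = hmac.compare_digest(_kdf(password, salt), stored)
    return user_type if ok else None

def authorize(user_type, classification):
    # Step 2: deny by default; allow only up to the user type's clearance.
    if user_type not in CLEARANCE or classification not in LEVELS:
        return False
    return LEVELS[CLEARANCE[user_type]] >= LEVELS[classification]

def record(username, document, classification, decision):
    # Step 3: append an entry whose digest covers the previous entry's digest.
    prev = AUDIT_LOG[-1]["digest"] if AUDIT_LOG else "0" * 64
    body = f"{time.time():.0f}|{username}|{document}|{classification}|{decision}"
    digest = hashlib.sha256((prev + body).encode()).hexdigest()
    AUDIT_LOG.append({"body": body, "prev": prev, "digest": digest})

def read_document(username, password, document, classification):
    user_type = authenticate(username, password)
    allowed = user_type is not None and authorize(user_type, classification)
    record(username, document, classification, "ALLOW" if allowed else "DENY")
    return allowed

def log_is_intact():
    prev = "0" * 64
    for entry in AUDIT_LOG:
        digest = hashlib.sha256((prev + entry["body"]).encode()).hexdigest()
        if entry["prev"] != prev or entry["digest"] != digest:
            return False
        prev = entry["digest"]
    return True
```

Denied and failed attempts are logged as well as successful ones, since those are the entries a forensic investigation usually starts from.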
The benefits you gain by using these technologies are huge compared with the effort needed to implement them. Do not let WikiLeaks happen to you...