Insider or Outsider - Does it Matter?



Much noise is made about the risks associated with insider threats versus outsider threats, but why?

Defenses for outsider threats are easier to visualize; a hardened perimeter, strong authentication, and monitoring for unusual activity seem logical if you’re trying to “keep the bad guys out." Insider threats are viewed as more difficult to detect and defend against. Here, the focus tends towards access control, authorization, and (often) device control. Inside attackers are typically trusted users, outsider attackers can be individuals or, increasingly, malware.

If your goal is to protect your data from misuse or exfiltration, does it really matter whether the attacker is inside or outside your organization? In either case, there is an attempt to use or move data in a way that should not be allowed. The best defense must consider the worst-case scenario: an attack by a user, or someone posing as a user, with legitimate access to the data. This could be a system administrator, a senior executive, an engineer or, to extend this to common outsider (cyber) threats, a “user” could also be legitimate or malicious software.

This sounds like a massive challenge. However, by focusing on securing the data itself, multiple attack vectors are addressed. Data that carries security with it will prevent unauthorized use, whether the attack is from inside or outside the organization. It will recognize legitimate actions by other systems and prevent unknown or unauthorized applications from copying or moving data offsite. It will automatically encrypt sensitive data that leaves the internal network (when allowed) and block actions that put data at risk.

The outsider attack is a serious threat. However, if you can protect data from a determined, malicious insider, defending against many outside attacks comes for free.

Mike Pittenger

Data-Centric Security: Why You Need it, How to Get Started

Forrester VP and Principal Analyst John Kindervag explains the fundamentals of a data-centric security approach, why you need it, and how to get started. Watch the webinar on demand.

Watch Now

Related Articles
Analysts on Data-Centric Security

The Times They Are a-Changin' – a look back on analysts' evolving views on information security

How to Protect Sensitive Data without Having to Guess the Next Attack Vector

Focusing on data for effective and sustainable protection

Data-centric Security for Healthcare Compliance

Focusing security efforts on sensitive data to meet healthcare regulatory requirements

Mike Pittenger

Mike Pittenger is vice president, security strategy at Black Duck Software. Mike has over 30 years of technology business experience, including over 15 in application security. He was a co-founder of Veracode and led the product divisions of @stake and Cigital. He can be reached at mwpittenger [at] caddisadvisors.com.

Please post your comments here