Insider or Outsider - Does it Matter?

Much noise is made about the risks associated with insider threats versus outsider threats, but why?

Defenses for outsider threats are easier to visualize; a hardened perimeter, strong authentication, and monitoring for unusual activity seem logical if you’re trying to “keep the bad guys out." Insider threats are viewed as more difficult to detect and defend against. Here, the focus tends towards access control, authorization, and (often) device control. Inside attackers are typically trusted users, outsider attackers can be individuals or, increasingly, malware.

If your goal is to protect your data from misuse or exfiltration, does it really matter whether the attacker is inside or outside your organization? In either case, there is an attempt to use or move data in a way that should not be allowed. The best defense must consider the worst-case scenario: an attack by a user, or someone posing as a user, with legitimate access to the data. This could be a system administrator, a senior executive, an engineer or, to extend this to common outsider (cyber) threats, a “user” could also be legitimate or malicious software.

This sounds like a massive challenge. However, by focusing on securing the data itself, multiple attack vectors are addressed. Data that carries security with it will prevent unauthorized use, whether the attack is from inside or outside the organization. It will recognize legitimate actions by other systems and prevent unknown or unauthorized applications from copying or moving data offsite. It will automatically encrypt sensitive data that leaves the internal network (when allowed) and block actions that put data at risk.

The outsider attack is a serious threat. However, if you can protect data from a determined, malicious insider, defending against many outside attacks comes for free.

Mike Pittenger

Data-Centric Security: Why You Need it, How to Get Started

Forrester VP and Principal Analyst John Kindervag explains the fundamentals of a data-centric security approach, why you need it, and how to get started. Watch the webinar on demand.

Watch Now

Related Articles
Your Weakest Link May Not be Your Employees After All - Securing Your Data Supply Chain

Securing only your employees isn't enough to keep your data safe today - businesses must extend security measures across their entire data supply chain.

The Role of Security Analytics in Information Security Programs

18 infosec pros and analytics experts reveal the role of security analytics in information security programs today.

How to Protect Sensitive Data without Having to Guess the Next Attack Vector

Focusing on data for effective and sustainable protection

Mike Pittenger

Mike Pittenger is vice president, security strategy at Black Duck Software. Mike has over 30 years of technology business experience, including over 15 in application security. He was a co-founder of Veracode and led the product divisions of @stake and Cigital. He can be reached at mwpittenger [at]

Please post your comments here