Trust and verify is more appropriate for IT environments
Commenting on the recent security breach at Ladbrokes,Phil Neray, vice president of security strategy, Guardium (an IBM company) said:
"Traditional network security measures – such as firewalls, intrusion detection and anti-virus systems – are of little use when the threat lies inside the organisation, with IT administrators and outsourced personnel who can easily bypass corporate policies because they are given a high level of privileges in order to accomplish their day-to-day jobs.
Of course, most employees are ethical and would never consider abusing their privileges, but the alleged Ladbrokes breach shows that a strategy of 'trust but verify' is more appropriate for modern IT environments, incorporating continuous , real-time monitoring and auditing of all database activities – including those performed by privileged administrative users - to quickly identify rogue activities."
