Q: Which of these technologies is Unisys deploying?
Titus: We have integrated access cards, our Stealth product, data-in-motion and data-at-rest capabilities. For data-at-rest, we're moving to a stronger set of authentication, and we're moving toward hard-disk encryption for certain roles in the company. For data-in-motion, that data is encrypted as it is traversing our network. Unisys has created a product called Stealth that creates communities of interest, and data is encrypted from peer to peer. If you've got people working in HR with personally identifiable information, you want them to only communicate with each other and not have somebody who might be listening on the network who might be capturing their information. We've also integrated our common access card to a logical access card so the building card that gets me into the office physically also logically gets me into the remote access system. We're looking at integrated [Security Information and Event Management] technology, which integrates several different security tools into a single, consolidated analytical tool. We have a pilot of data loss prevention solutions. We're analyzing to see if white listing or black listing will work for us.
Q: How do you address log files?
Titus: We have a tool that we use that looks for change management: if somebody makes a change in one place and it opens up a hole in another place and suddenly people have access to data. I also have somebody looking at the log files for certain behavior, such as large data transfers.
Q: How do you address the insider threat in your hiring process?
Titus: I've just reviewed our hiring process that covers interns and employees. What we do is a corporate background investigation on every new hire.
Q: What about IT staff? Do you find they are more likely to be involved in a security breach?
Titus: I wouldn't say they have a higher incidence of doing it, but I would say they have the tools to do it. You have to continue educating them. In the government, some of my folks thought they didn't need to follow the same rules that we were pushing to everyone because they were in security. The reality was they had the ability to crack passwords and eavesdrop on the network. We had those capabilities for good reason. As a CISO, you know that those people are the ones that can do the most damage. If you're letting a person go who has those types of rights, that person is someone you might want to say today is your last day but we'll give you two weeks pay. Most people do not want to do bad things because they want to keep their job. Usually there is a trigger for somebody, some sort of an HR change, and that's when you need to be really cognizant of what they have access to and what you need to do to protect the resources of the company.
Q: What concrete things can CIOs and CISOs do to battle the insider threat?
Titus: We always talk about technology solutions, but I personally think that a lot of what you can do solve this problem is to educate. If you as CISO take the time to meet with the people in the trenches and give them the awareness of what to look for, they are the best at being able to find people sitting right next to them who are doing nefarious things. We tell them that if something is unusual, they should pass it off to the authorities in the company so we can look into it.