This blog post was inspired by a recent report of a database analyst at American Express stealing credit card data.
It’s amazing how many companies still follow a mainly “perimeter security” approach when it comes to controlling access to sensitive information: their focus is on network security using firewalls, advanced authentication options, and so on. Even with such measures, it’s very common to set up strong barriers to the outside world but very little by way of internal limits; most internal people have some level of access to servers that store and process sensitive data.
Well, there’s nothing wrong with pre-screening your staff, or having access to the sensitive information, or setting up advanced …