
When IT is the threat

By Beth Schultz, Network World, 03/19/2007

Here's a nasty little truth about the data-leakage problem: The people charged with keeping information systems up and running often pose the biggest threat to information protection. They've got broad access and powerful tools, and they know how to circumvent typical content-protection mechanisms.

This reality has some IT executives exploring ways to tighten up operational processes. Tom Ferris, a senior IT officer for an international financial organization in Washington, D.C., is ditching a traditional server-administration model for one that strictly limits access by role. For example, application developers no longer get full administrative access to and control of all servers. Now they have access to test and development servers but not the production environment, Ferris says. Additionally, for maintenance purposes he uses BladeLogic's data-center automation software to set role-based access controls and limit the types of tasks allowed.




Kern Weissman, director of network systems at Velocity Express, a same-day package-delivery company in Westport, Conn., also is narrowing administrative access to servers. "Instead of saying, 'You have access to this system for this amount of time,' we'll say, 'You have access to this system and this application for this amount of time,'" he says.

The company will gain this control through Xceedium's GateKeeper, which lets remote administrators manage centralized servers securely. GateKeeper consolidates access with a Web portal, through which all administrators must pass to gain systems access. Everything is encrypted, including the tools available through applets on the portal, and a company need only open one firewall port, says Cheryl Traverse, Xceedium CEO. Even rebooting failed machines is handled through the portal, because GateKeeper consolidates network access, out-of-band signaling and power on a single connection.

Martin O'Reilly, IT director at the Rutgers School of Business in Camden, N.J., considers GateKeeper a security tool. "We use it as the sole access point to our mission-critical systems," he says. An administrator has an access account on the Web portal, and the mission-critical system will allow access only from the GateKeeper connection, he adds. "When I think about the insider threat, I think about the misuse of applications or systems that render them insecure," O'Reilly says. "And this certainly provides another [protection] layer - and, of course, that's the ultimate goal."
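The scoping Weissman describes (a system and an application for a set time), combined with the role limits and single access point mentioned above, sketched as an added example that is not from the article or from either vendor's product. All users, hosts, roles and the gateway address are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

GATEWAY_ADDR = "10.0.0.5"  # constructed: address of the single admin portal
ROLE_ENVIRONMENTS = {      # constructed role model: developers never reach prod
    "developer": {"dev", "test"},
    "sysadmin": {"dev", "test", "prod"},
}

@dataclass(frozen=True)
class Grant:
    user: str
    system: str
    application: str
    start: datetime
    end: datetime

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    environment: str
    system: str
    application: str
    source_addr: str
    when: datetime

def decide(req, grants):
    """Default-deny decision; returns (allowed, reason) for the audit log."""
    if req.source_addr != GATEWAY_ADDR:
        return False, "not via gateway"
    if req.environment not in ROLE_ENVIRONMENTS.get(req.role, set()):
        return False, "role not permitted in environment"
    scoped = [g for g in grants
              if (g.user, g.system, g.application)
              == (req.user, req.system, req.application)]
    if not scoped:
        return False, "no grant for this system and application"
    if any(g.start <= req.when < g.end for g in scoped):
        return True, "grant active"
    return False, "grant outside time window"

# Constructed sample grant: one admin, one host, one application, two hours.
GRANTS = [Grant("alice", "db01", "postgres",
                datetime(2007, 3, 19, 9), datetime(2007, 3, 19, 11))]

if __name__ == "__main__":
    req = Request("alice", "sysadmin", "prod", "db01", "postgres",
                  GATEWAY_ADDR, datetime(2007, 3, 19, 10))
    print(decide(req, GRANTS))
```

Returning the reason alongside the decision lets each denial be logged with the check that failed, which is what makes after-the-fact review of administrator activity practical.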


Comments (1)

gatekeeper(s)
By tuomoks on April 10, 2008, 2:30 pm

A good idea but this level access control is ages old, IT (and other) threats is nothing new. Now, the implementations have been very few. technology thinking took...
