Gartner Says Rash of Personal Data Thefts Shows Social Security Numbers Can No Longer Be Sole Proof of Identity for Enterprises.WASHINGTON -- Analysts Examine Protective Measures Companies Can Implement During Gartner IT Security Summit, June 5-7, in Washington, DC The recent thefts of personal data from companies and government agencies make it clear that Social Security numbers can no longer be relied on as proof of identity, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Gartner, Inc. Gartner analysts said enterprises should use this data as only part of an overall "identity score." Avivah Litan, vice president and distinguished analyst at Gartner, recently testified at the oversight hearings for the Committee on Veteran's Affairs regarding the theft of sensitive information belonging to 26.5 million veterans and spouses from a Veteran Affairs employee's home. Ms. Litan told the committee that this latest compromise shows just how unprotected some of the nation's most sensitive data is. "This incident also shows that the Social Security number has become an extremely unreliable piece of information and cannot be trusted to be unique to an individual. Companies should not rely on Social Security numbers alone as proof of individual identity," Ms. Litan said. "As many as one-in-seven adult Social Security numbers in the U.S. may already have been compromised." Ms. Litan is providing more detailed analysis regarding identity theft during the Gartner IT Security Summit, which is taking place here through June 7. While security managers are attempting to implement more-stringent security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security around sensitive information, the price tag for such protection can cause sticker shock Sticker shock is a United States term for the feeling of surprise experienced by consumers upon finding unexpectedly high prices on the price tags (stickers) of products they are considering purchasing. for many companies. Security managers are facing challenges in receiving the budget required to better protect customer and business-sensitive information. Gartner analysts point out that data protection is much less costly than data breaches. "A company with at least 10,000 accounts to protect can spend, in the first year, as little as $6 per customer account for just data encryption data encryption, the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign , or as much as $16 per customer account for data encryption, host-based intrusion prevention See IPS and IDS. and strong security audits combined," Ms. Litan said. "This compares with an expenditure of at least $90 per customer account when data is compromised or exposed during a breach." Encrypting stored data can provide the most robust data protection, but if that is unfeasible because of undue cost and complexity, companies should deploy comprehensive host-based intrusion prevention systems (HIPS). However, successfully deploying HIPS requires strong server configuration control and additional administrative cost administrative cost Managed care A cost incurred by the 'business' end of a health care facility or university–eg, staffing and personnel costs, nursing home and hospital administration, insurance, and overhead expenses. Cf Indirect costs. and complexity. Another option is strong security audits to validate To prove something to be sound or logical. Also to certify conformance to a standard. Contrast with "verify," which means to prove something to be correct. For example, data entry validity checking determines whether the data make sense (numbers fall within a range, numeric data that the organization has deployed satisfactory mitigating controls A Mitigating Control is type of control used in auditing to discover and prevent mistakes that may lead to uncorrected and/or unrecorded misstatements that would generally be related to control deficiencies. , reducing the need for data encryption or HIPS. "None of these options are mutually exclusive Adj. 1. mutually exclusive - unable to be both true at the same time contradictory incompatible - not compatible; "incompatible personalities"; "incompatible colors" , but implementing all three will still be less expensive than having to respond to a large-scale data breach," Ms. Litan said. Additional information on identity theft prevention is being released at the Gartner IT Security Summit, being held at the Marriot Wardman Park Hotel in Washington, DC. Gartner analysts, industry experts and IT security practitioners are delivering unbiased, realistic analysis on the current state of IT security, as well as an independent overview of the market during the next 12-18 months. For complete event details please visit the Gartner IT Security Summit Web site at www.gartner.com/us/itsecurity. About Gartner Gartner, Inc. (NYSE NYSE See: New York Stock Exchange : IT) delivers the technology-related insight necessary for its clients to make the right decisions, every day. Gartner serves 10,000 organizations, including chief information officers and other senior IT executives in corporations and government agencies, as well as technology companies and the investment community. The Company consists of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events. Founded in 1979, Gartner is headquartered in Stamford, Connecticut Stamford is a city in Fairfield County, Connecticut, United States. According to 2006 Census Bureau estimates, the population of the city is 119,261, making it the fourth largest city in the state. , U.S.A., and has 3,700 associates, including 1,200 research analysts and consultants in 75 countries worldwide. For more information, visit www.gartner.com. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion