Reply to post: Re: Agree with the sentiments of the cloud and critical data

Accountancy software firm Sage breached in apparent insider attack

Dwarf Silver badge

Re: Agree with the sentiments of the cloud and critical data

Possible yes, but far less likely if good security design, strong authentication and centralised logging was performed.

Should support staff have access to the underlying customer data / be able to say report on / extract that data ? (select * from customers into outfile get-rich.txt;)

I expect that the average support person only interacts with say 10 customers a day, so if they are accessing more than that or via unexpected routes, then the warning lights should start to flash in the sage security office.

Even an insider should have appropriate access for their role, that is after all why there are security mechanisms built into all the core technologies..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019