RealTime IT News

IBM: Security Crucial From The Inside Out

Corporations today spend so much time keeping external viruses, bugs and perpetrators out of their computer systems that they sometimes leave internal holes wide open.

IBM wants to fill them.

With the RSA Security show winding down, the company today unveiled Tivoli Identity Manager Express, a software package that helps small businesses combat insider security attacks and automate compliance management.

The software blocks people from using usernames and accounts that the company neglected to cancel, or "orphan accounts," which have been left open due to employee layoffs or company mergers.

Typically, smaller businesses employ antivirus software or a network firewall, according to Steve Henning, manager of integrated identity management solutions for IBM Tivoli.

But this leaves the so-called "back door" open to fired employees or dishonest clients trying to access confidential information.

Perpetrators who once came in from the "front door" of a network, using their skills to penetrate firewalls, are now taking advantage of open user accounts from employees who get fired.

The potential for harm is great: Experts expect insider attacks to be a top security threat for 2006.

Henning said Tivoli Identity Manager Express can quash orphan accounts by giving managers control over who has access to what information and matching user accounts with current employee information.

Because the software automates the way managers can verify employee access, the new IBM software can also make it easier to meet federal compliance requirements for internal controls.

The software can manage who has access to what accounts so that companies can show auditors that they verify employee access for a set time period.

Priced at $24 per user for a base license of a minimum of 100 users, Tivoli Identity Manager Express will be available at the end of the month.

The news comes as the popular RSA Security conference is coming to a close in San Jose, Calif., this week, where Microsoft, VeriSign, RSA and a host of other vendors convened to discuss security issues and new forms of digital authentication software.