Published: 01 Jul 2007
Dave Drab is a rarity. A career FBI man who started out in the identification division and spent a number of years bringing down various Mafia families in the Midwest, Drab recognized early on the growing importance of computers in criminal investigations. Now the head of information and content security services at Xerox Global Services, Drab puts his expertise to work in protecting customers' most valuable assets: intellectual property.
How big was the insider threat to intellectual property seven or eight years ago when you were with the FBI and were involved in the case that produced the first indictment under the Economic Espionage Act? Before we encountered this new world that we live in today--that's highly globalized and highly technical with Internet connectivity, digitalization of all information assets, diversified business models and new technologies that are constantly inundating the business environment--we began to see that the traditional methods of protecting information had changed.
In the old sense, you had critical assets you locked in a vault, and you initiated policies that were to be followed regarding the handling of those assets. But now the environment has dramatically changed and it's difficult to know where the borders of a document reside. The insider threat has always been around, but it's being appreciated in a different way today because of the enormous damage that an individual can deliver to an organization just by being able to access, download and walk out the door with a lot of assets. In the old days, you had to haul a file cabinet out of the organization, but today you can do it with an iPod.
There's been a lot of talk from researchers about the threat to corporate networks from non-PC devices, such as printers. How real is that threat? Very real. Copy machines were simply copy machines and in the late '90s when vendors such as Xerox began to add features they added a lot of sophistication in design, and because of that, there was a lot of risk. Is it likely that they're going to be a point of attack in an organization? That's debatable. But the multifunction device environment is certainly an avenue that could be used.
When you talk to customers, what are the threats that keep them up at night? Accounting for the access to documents and tracking documents is highly critical. To wake up one morning and find a document displayed on a Web site is a little disquieting to any CEO. The risk that protected information, or confidential trade secret information falling into the wrong hands, is one of growing concern because we've realized that along with the advent of regulatory law comes responsibility. We have not seen a great degree of enforcement or penalties invoked on executives that fail to adhere to GLBA or HIPAA, but I believe that we will. The handwriting is on the wall.
Download the complete interview with Dave Drab at searchsecurity.com.