ABSTRACT

The Final Tale from the Security Consultant

We were engaged to help a very large loan provider based in the United States to enable access to its core databases from service providers located around the world. This move was driven by an enterprise business decision to farm out as many support services as possible in order to reduce the management cost of the systems. It is the same story that we are sure many of you have experienced. We will not go into the details of the security risks that this situation presented, though there were many. And though we were technically successful in our engagement by serving as a content expert and providing countermeasures to our sponsor, the team was not able to fully reduce all of the security constraints on this project. As a result, our sponsor, the CISO for the organization, was only able to have the team implement 60 percent of the recommended corrective actions that all of us deemed necessary. The final result was the security risks had been reduced, but a great deal of customer data had just become, in our opinion, far too exposed to exploitation or theft.