by Kevin McKean

An end to Enrons

analysis
Jun 20, 2005 · 3 mins

New, real-time monitoring systems detect corporate misbehavior. But what then?

Forget Michael Jackson. The real courtroom dramas today are the trials of Kenneth Lay, Bernie Ebbers, and Dennis Kozlowski in connection with misdeeds at Enron, WorldCom, and Tyco, respectively. Today’s execs have more to worry about, thanks to Sarbanes-Oxley and other tough laws passed in the wake of these and other corporate scandals.

That’s why our terrific cover package by Test Center Contributing Editor Mike Heck is so timely (see “Clamp Down on Security Leaks,” page 30). Heck examines solutions that plug leaks caused by corporate employees — a growing concern estimated to account for 75 percent of the $200 billion in U.S. security losses yearly.

But could such systems have prevented scandals such as Enron?

Vendors say yes. “Monitoring technologies can now identify problems not only from what is said but how it is said or its context,” says Brett Schklar, senior director of product and marketing at Vericept. Messages can also be scanned for “behavioral red flags,” such as changing a file extension in order to sneak a document out of the network, adds Tablus President and CEO Jim Pante.

Companies that install such software are often surprised at what they discover. Reconnex says one large government agency with strict rules about Internet use found that, in the first 48 hours of monitoring alone, its employees visited 2,005 adult-content Web pages, 4,563 racist pages, and 58,405 shopping pages.

Vendors place activity-monitoring agents on servers and desktops to prevent incidents such as the recent case in which New Jersey bank employees allegedly sold data on some 500,000 customers at $10 per name. “Our product could have detected the repeated access to customer accounts, noted any attempts to cut and paste that data, and tracked where the data was ultimately sent, even if it was encrypted,” says Ken Davis, vice president of Oakley Networks (see Product Previews, page 10).

Products such as iLumin’s Assentor can also be set to block suspect transmissions until they are reviewed, says Mike Gundling, senior vice president of product management at iLumin.

With such tools in place, Oakley’s Davis argues, “Many of the abusive behaviors [at Enron] could have been detected much earlier.”

The wild card, of course, is human frailty. What if compliance officers themselves had been part of these conspiracies? As Reconnex CEO Don Massaro puts it, “I am confident our system could have detected the corporate misdeeds at Enron, WorldCom, and so forth. [But] would the executives at the helm of those companies have taken action?”

We may have to wait for the next round of scandals to know.