Un-ethical hacking. Oracle sues SAP for data mining.

Oracle's suit against SAP for hacking its customer portal is revealing but not shocking. As Rothman points out in the Daily Incite everybody is doing it. And as I posted to my blog  a couple of days ago some organizations have active competitive intelligence programs that step over the line.   But I disagree with Rothman on a key point. You should be worried about this and take every step you can to minimize exposing your data to your competition and beef up your security. And, oh yes, you should not engage in this type of activity. 

Your competition is collecting information on you all the time. They read your marketing literature. They have Google alerts sent to them when your company name appears in the news. They hire your people. They have copies of your price lists. That does not mean you should allow them to have access to your customer portal. You have to have strong access controls on those resources. If someone leaves your company you should revoke their access immediately.  You should monitor behavior on your portal so you know when someone has written a script to systematically hoover all the information from it. Simple things like displaying "last access" and "last failed attempt" notices whenever someone logs in (a method about as old as computers) are a big help. 

Thanks to Oracle for taking SAP to task for abusing their systems. I hope they have implemented some rudimentary security controls since this incident occurred.