Wikileaks Positive Side Effect for IT Fri 10 Dec 10
The disclosure of diplomatic cables by the organization Wikileaks got a tremendous amount of attention. Given that the story involves issues related to theft, sexual assault, the moral duty for civil disobedience and just plain gossip, this is not at all surprising.
We shouldn't take any comfort in the notion that this is just an issue for the government. The corporate world may be next. Recently there have been rumors that Wikileak's next target is Bank of America. In addition a hacker group in support of Wikileaks took Mastercard's website down for a period of time in retaliation for Mastercard blocking payments to Wikileaks.
Although most of us will likely never be working for an institution that would be of interest to Wikileaks, that doesn't mean we won't be affected by the Wikileaks phenomenon. Someone acting with malice or with a real or perceived concern about pay inequity couldn't publish salary data and find a receptive local audience. Customer information, design data, safety records could all be easily published with damaging results even if they don't rise to the attention level of Wikileaks. The fact that the information is taken out of context and may not actually be accurate is not important as perception soon takes over reality.
The technology has long been available to everyone to become their own Wikileaks-like organization in regard to the institutions they are involved with. Inexpensive USB memory sticks and hard drives full of data on our laptops give people the ability to remove data from our companies very easily.
No doubt that after a lot of discussion and hand wringing IT will be instructed to "do something about security". The good news is that there is much we can and should do.
There are a number of data loss prevention systems and techniques that can control data from leaving your system. The downside is that there are trade-offs including cost and impact on your business. While controlling the flow of information can protect your data it can also limit your ability to do business.
This is the classic security dilemma. Everyone wants three things; tight security, ease of use and low cost. The dilemma is that you only truly have a choice of two. As a result we compromise to balance these three factors to suit our needs. Our job as IT leader is to help determine the right balance, to be an honest broker in evaluating pros and cons and to lead the discussion and decision.
The one interesting aspect of the Wikileaks inspired drive to re-look at data protection is that it may cause us to do the right thing for the wrong reason.
Yes, Wikileaks type data losses are a threat for any organization but for the vast majority it is not a likely threat. I believe a more likely threat is the inadvertent loss of data rather than losing data through some deliberate action.
This inadvertent loss is from such things as our employees emailing sensitive information to vendors or a laptop full of information being lost or stolen. A simple Google search of laptops and “social security numbers” results in a long list of stories that demonstrates that this is not an uncommon experience. It all reminds me of that famous Pogo cartoon from the first Earth Day where Pogo realizes “We have met the enemy and he is us.”
So while we implement data loss prevention measures to save ourselves in fear of a Wikileaks episode that never comes we just may find it keeps us from harming ourselves. That may not be such a bad thing after all.
This article is also posted on Forbes.com. Feel free to join in the discussion either on this site or at Forbes.com
If this topic was of interest, you might also like these: