There was yet another security breach inside the government this week and this one involved an employee sending personal information via the Internet.
What in the world does that mean?
Open letter to the White House CIO: please better define what you mean by Internet. As I said in earlier blog posts, whenever you pull people into the middle of information technology it is unreasonable to expect that they will self-enforce 100% of the policies 100% of the time. We won’t lock our laptops all the time. We won’t choose passwords that are totally random with a combination of numbers and punctuation (my WEP password for my wireless router is based on the key 3210abcdef!) No matter how many encryption products you put on our desktop we will forget to use them and we won’t check for SSL encryption and check the certificate on every website that we go to.
So what is a company to do? They must make the assumption that people will shy away from following policy when following that policy stymies their productivity. (And from what I’ve seen, many corporate policies do stymie productivity.) Companies need to deploy technologies that allow them to transparently manage and enforce security and usage policies.
Okay ladies and gentlemen, here is the one crisp and pithy statement from your dear blogger:
“The protection of data should be a consistent concern and process throughout all areas of the company; whether it’s an administrative assistant writing a credit card number on a Post-it or it’s your SAP module sending information to an EDI translator and out to a business partner.”
Okay, that wasn’t so pithy, but here is another one: “Information security policies must be clear and straightforward. Assuming that you can cover everything by using blanket terms like ‘personal information should not be sent over the Internet unencrypted’ actually increases the risk that you will end up on the front page of Google News, because someone in your organization surely has a different interpretation of what it means to send information over the Internet.”
About fkenney:
Frank Kenney is Vice President, Global Strategy and Product Management at Ipswitch, responsible for defining the company's vision and strategy and integrating his global perspective into the products, services and messaging. Frank brings an unmatched depth of experience and knowledge in the managed file transfer space to the team. Most recently, Frank was a Research Director at Gartner, Inc., responsible for analyzing topics including managed file transfer, application integration, SOA, and business process management. He initiated and drove the Magic Quadrants on managed file transfer and SOA governance technologies. Before joining Gartner, Frank was Director of Creative Services and Content Distribution at the Executive Business Group. Frank holds a degree in Music Technology from the Center for the Media Arts and has studied English and Computer Science at University of Tampa. When not working, Frank can be found living the life of a frustrated musician and producer in his home studio in Tampa.
