Okay we get it. WikiLeaks had the gumption to collect private cables sent to and from the United States State Department, and actually publish them on a website accessible by anyone with Internet access. But the United States State Department blaming USB thumb drives and/or WikiLeaks for their failure to properly mitigate the risks associated with sensitive communications between government officials and ambassadors is just ridiculous.
I remember shortly after the 9/11 terrorist attacks the country waged all-out war on white box vans at U-Haul trucks, because those might have been the means in which terrorists would conduct future attacks. Creating an immediate policy that bans the use of USB thumb drives by United States government officials is not only overkill, but it also doesn’t make sense and it won’t work unless we also start banning iPhone’s, blackberries, digital cameras, portable scanners, wristwatches, necklaces, belts, laptops, fax machines, e-mail and all the other ways that individuals are storing and moving information.
Here’s an opportunity for our government to start to consider not just classifying data but generally making an effort to enforce policies around access and usage. Of the hundreds of thousands of tables that have been reportedly sent to Wikileaks, some news agencies are reporting over 3 million individuals have access. Let’s put that into perspective. If one of the world’s largest financial institutions decided to give 3 million individuals access to Social Security numbers, bank accounts and credit card numbers that financial institution would be run out of business and subject to fines, penalties and the mundane congressional hearing. It just doesn’t happen.
Just like any company or institution that stores and shares data on its customers and/or constituents, the US government, specifically the US State Department needs to be held accountable for access control policies, the enforcement of those policies and visibility into both the access of and usage of sensitive information. But clearly there is an issue of way too many ungoverned pipes connected to critical data stores and sources. Managed file transfer is certainly part of the answer. Consolidating all of those ungoverned pipes can help as well. A little content management and DLP may likely be valuable too. Or maybe just a good old reclassification and risk mitigation of sensitive data so that it isn’t accessible by 3 million people.
Over the last 9 1/4 years we stopped a lot of white box vans but I’ve yet to see a security report or an intelligence report (provided by the news media, I am not one of the 3 million who have access to that type of information) that says we’ve significantly mitigated our risk of terror attacks because we don’t allow white box vans.
Frank Kenney is Vice President, Global Strategy and Product Management at Ipswitch, responsible for defining the company's vision and strategy and integrating his global perspective into the products, services and messaging. Frank brings an unmatched depth of experience and knowledge in the managed file transfer space to the team. Most recently, Frank was a Research Director at Gartner, Inc., responsible for analyzing topics including managed file transfer, application integration, SOA, and business process management. He initiated and drove the Magic Quadrants on managed file transfer and SOA governance technologies. Before joining Gartner, Frank was Director of Creative Services and Content Distribution at the Executive Business Group. Frank holds a degree in Music Technology from the Center for the Media Arts and has studied English and Computer Science at University of Tampa. When not working, Frank can be found living the life of a frustrated musician and producer in his home studio in Tampa.
One Response to “WikiLeaks isn’t the problem. USB drives aren’t the problem either.”
Leave a Reply