Hi [name] ... because of WikiLeaks you need to …. (insert self-serving statement here).
OK, we’re a little cynical, but there's been quite a few emails starting similar to the line above about.. But what we do think is that WikiLeaks presents a great opportunity to sell IT security to the ‘executive suite’. WikiLeaks is undoubtedly high profile, and (most!) executives can easily make the mental leap to their sensitive data.
We reckon it’s an opportune time to hammer home a few key points to the exec team:
- Data leakage happens all the time, sometimes without the organisation’s knowledge. This one just happens to be very public!
- There is a criminal marketplace for the trade of personally identifiable information, financial records and so on.
- Data can escape by numerous means including human error, theft or fraud from inside or out, or in an automated fashion via malware and bots.
- Whilst your IT security team probably can’t thwart all attempts to get at sensitive information, through vigilance and quick reactions the damage can be greatly minimised.
So what’s the potential payoff for you, assuming you can get some exec recognition of these points?
For starters, some recognition. And hopefully greater executive understanding of - and approval for - projects and technologies that will help to:
- assess where your sensitive data lives, who has access to it and under what conditions or restrictions
- identify when data is being inappropriately accessed, prevent access if prudent, and be able prove it
- describe typical ways data may escape, and potential action plans in the event it does
Basically, the stuff that when not done effectively, can lead to a “WikiLeaks event”!
Anti-WikiLeaks Kit
A little tongue in cheek given the preceding article, but these are three of our partners who can address parts of the data loss prevention problem.
Imperva:
Areas addressed – database, web applications and unstructured files
How they can help – database discovery, firewalling, alerts, audit and reporting
(There’s a specific 15 minute or so “WikiLeaks video” at Imperva’s site by Imperva’s CTO that “cuts through the WikiLeaks clutter to help organizations bolster their overall data security.”)
BeyondTrust:
Areas addressed – administrator access to UNIX, Linux and virtualised environments
How they can help - delegate privileges and authorization without disclosing the root or admin password, audit and reporting
Imprivata:
Areas addressed – application access and user authentication
How they can help – strong authentication to networks and applications, enterprise single sign-on, reporting including shared credentials (passwords)
(this content was originally included in our December 2010 newsletter. Register to receive these periodic newsletters here.
Share this...
