Ipswitch Blog

WikiLeaks isn’t the problem. USB drives aren’t the problem either.

| December 1, 2010 | Compliance, Data Breach, Enforcement, Managed File Transfer, Secure File Transfer

Okay we get it.  WikiLeaks had the gumption to collect private cables sent to and from the United States State Department, and actually publish them on a website accessible by anyone with Internet access.  But the United States State Department blaming USB thumb drives and/or WikiLeaks for their failure to properly mitigate the risks associated with sensitive communications between government officials and ambassadors is just ridiculous.

I remember shortly after the 9/11 terrorist attacks the country waged all-out war on white box vans at U-Haul trucks, because those might have been the means in which terrorists would conduct future attacks.  Creating an immediate policy that bans the use of USB thumb drives by United States government officials is not only overkill, but it also doesn’t make sense and it won’t work unless we also start banning iPhone’s, blackberries, digital cameras, portable scanners, wristwatches, necklaces, belts, laptops, fax machines, e-mail and all the other ways that individuals are storing and moving information.

Here’s an opportunity for our government to start to consider not just classifying data but generally making an effort to enforce policies around access and usage.  Of the hundreds of thousands of tables that have been reportedly sent to Wikileaks, some news agencies are reporting over 3 million individuals have access.  Let’s put that into perspective.  If one of the world’s largest financial institutions decided to give 3 million individuals access to Social Security numbers, bank accounts and credit card numbers that financial institution would be run out of business and subject to fines, penalties and the mundane congressional hearing.  It just doesn’t happen.

Just like any company or institution that stores and shares data on its customers and/or constituents, the US government, specifically the US State Department needs to be held accountable for access control policies, the enforcement of those policies and visibility into both the access of and usage of sensitive information.  But clearly there is an issue of way too many ungoverned pipes connected to critical data stores and sources.  Managed file transfer is certainly part of the answer.  Consolidating all of those ungoverned pipes can help as well.  A little content management and DLP may likely be valuable too.  Or maybe just a good old reclassification and risk mitigation of sensitive data so that it isn’t accessible by 3 million people.

Over the last 9 1/4 years we stopped a lot of white box vans but I’ve yet to see a security report or an intelligence report (provided by the news media, I am not one of the 3 million who have access to that type of information) that says we’ve significantly mitigated our risk of terror attacks because we don’t allow white box vans.

How IT Pros Can Save 30 Minutes a Day

How IT Pros Can Save 30 Minutes a Day

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries
[ do default stuff if no widgets ]

Reader Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.