Tuesday, August 3, 2010

Avoid becoming famous on wikileaks ...

Wikileaks has long been known as a repository of leaked sensitive documents, but last week it created a global sensation by posting 90,000 documents about the Afghan war online. These documents contain accounts of US engagements in the war zone, intelligence reports and videos, collectively providing inside (and classified) information about the US engagement in Afghanistan and much more.

The huge disclosure has embarrassed the US administration and left President Obama red-faced. Now administration officials have ‘requested’ Wikileaks not to put up the remaining 15,000 documents, since the leaked documents have put at risk the lives of American soldiers and their Afghan collaborators.

The question is whether any CxO or Board wants an embarrassing document leak! Of course the answer will be a resounding “NO”, but just wishing away trouble does not qualify as good risk management practice. The 90K documents were provided to Wikileaks by an insider, and an insider can be anywhere. The Indian epic Mahabharatha, which was written a thousand years earlier, also says “Ghar ka bhedi Lanka dhaye”, which translates into “The trusted family member is the one who brings down the house”, and in modern times the translation can be rewritten to read “the insider is the biggest risk”.

Coming back to the question posed earlier: we strongly accept that we want neither an embarrassing data leak nor a data breach. No organization will sit by waiting for someone to take away their confidential data, plans, ideas, inventions or IP and release it to the competition or in a public forum. The damage to business and to reputation will be immense, and in such situations heads will roll, non-budget expenses will eat into profits, employee morale will suffer, etc., and every reaction will extract its own pound of flesh, weakening the organization.

A simple solution to avoid such a situation is to deploy Information Rights Management (IRM) to define and control access rights to data or documents. IRM is a relatively new security technology with increasingly wide acceptance and deployment globally. A robust IRM solution like Seclore FileSecure will help “protect” data or documents at the time of creation, or when they are saved in a designated folder or drive that has been ‘protected’.

At its simplest, IRM will disable access to the data / document by any person who is not authorised to access it. Access rights for reading, editing, printing and copying can be defined at varying levels of restriction, and the screen grab function can also be disabled. Considering this scenario, even if a person does obtain the authorization credentials, it will be a mammoth task for him / her to somehow pull out the information from 90k records in different file formats.

Another well-known habit of insiders is to carry data with them when they leave the employment of the organization. With an IRM solution it is possible to terminate the access rights of any such employee / insider and render all data inaccessible. Data that has been copied or shared by this person will not be accessible either.
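The per-user rights and the revocation behaviour described above can be sketched as follows. This is an added example, not code from this post or from Seclore FileSecure; it assumes a generic IRM design in which a protected file carries only ciphertext and a document ID, while a policy server holds the key and the rights. All names (`PolicyServer`, `open_document`, the users and the document) are hypothetical, and the cipher is a stand-in.

```python
import hashlib
import os

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real authenticated cipher such as AES-GCM:
    # XOR the data with a SHA-256 counter keystream (symmetric operation).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class PolicyServer:
    """Hypothetical policy server: keeps content keys and per-user rights."""

    def __init__(self):
        self._keys = {}        # doc_id -> content key (never stored in the file)
        self._rights = {}      # doc_id -> {user: set of allowed actions}
        self._revoked = set()  # users whose access has been terminated

    def protect(self, doc_id, plaintext, rights):
        key = os.urandom(32)
        self._keys[doc_id] = key
        self._rights[doc_id] = {user: set(acts) for user, acts in rights.items()}
        # The protected file holds only the ID and the ciphertext.
        return {"doc_id": doc_id, "ciphertext": _keystream_xor(key, plaintext)}

    def revoke_user(self, user):
        self._revoked.add(user)

    def request_key(self, doc_id, user, action):
        allowed = self._rights.get(doc_id, {}).get(user, set())
        if user in self._revoked or action not in allowed:
            raise PermissionError(f"{user} may not {action} {doc_id}")
        return self._keys[doc_id]

def open_document(server, protected, user, action="read"):
    # Every open, including of a copied file, goes back to the server.
    key = server.request_key(protected["doc_id"], user, action)
    return _keystream_xor(key, protected["ciphertext"])
```

Because a copy of the protected file is still only ciphertext plus a document ID, revoking a user on the server makes every copy that user holds unreadable, with no need to locate the copies.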

The organization's CISO will do well to ensure the highest level of protection, and can assure the users that using IRM will not bring any difficulty in their day-to-day work. The Seclore solution design provides a user-friendly interface, allowing the user to protect and access protected documents easily.
