After I posted this about the faux pas by the head of counter-terrorism in the UK, a security buddy of mine and I we chatting over a beer about how bad this problem's getting.
1. In the age of electronic information, its ironic that so much printing goes on. Xerox reckons companies spend 3-4% of revenue on printing. That's one heckuva lotta paper - and you can guarantee that a good amount of that is senstive stuff - and we have no idea of where it's being printed.
2. You used to need to go a dedicated place to talk about stuff on the phone. Nowadays people can - and frequently do - talk about anything, anywhere on mobile phones. Airport gate waiting areas are the worst - I was next to a guy giving an employee his performance review a couple of weeks ago. I'm sure the poor employee on the other end didn't appreciate his shortcomings being shared with half of O'Hare!
3. To make stuff available to people, you don't actively need send it to them. If you put it in the wrong folder on your laptop, it could end up on a P2P network. If you stick it an a file share, it could end up on Google. And don't get me started on Sharepoint. That thing is a black hole for sensitive information - and it ain't the product's fault, it's the people that use it. I mean when was the last time anyone deleted anything from a Sharepoint server? Seriously, trying to share stuff only with the people you intended to is really, really difficult these days.
That's why I reckon we need to re-name the data leak prevention space eventually - since leaks are only a symptom, not a cause. And "leak" implies drip, drip, not a deluge!
You know.. the way SharePoint is spreading is starting to remind me of that old shampoo commercial.. and they tell two friend, and they tell two friends.. as the screen keeps doubling with photos...
Posted by: Andrew | 04/16/2009 at 10:54 AM