The Real Scandal
Everyone loves a good scandal, and by far the biggest one in 2010, as measured by the monstrous volume of dirty laundry that came to light, was the release of over 250,000 United States embassy diplomatic cables by the Wikileaks website in late November. While the publication of the cables has caused massive consternation and embarrassment for the US government and its allies, the actual content of most of the cables has so far proved not very revealing and, in fact, quite banal, rarely rising above the level of gossipy sniping between bureaucrats from various governments.
While the mainstream media has focused on the gossip, the real impact of the scandal has been to bring attention to the field of data loss prevention (DLP). Tech publications and blogs have zeroed in on the questions of how the huge leak could have happened in the first place, and what the lessons are for large organizations concerned about protecting sensitive data. Speculation about the source of the leak has centred around a lowly private first class from the US army’s intelligence division. This raises the obvious questions of why such a low-level operative had ready access to such massive amounts of confidential information, and what kinds of technological and procedural protocols were in place that he could have so easily copied the cables to a CD or portable drive, and then made off with the data without anyone becoming aware of it.
So far, global corporate culture has mostly shrugged at the possibility of a similar incident in the private sector. In a recent poll on the IT website ZDNet, over 40% of US-based respondents said that the Wikileaks situation has not made them rethink their organization’s data security. Respondents from other countries were even more complacent. But corporate CIOs should be asking some hard questions of their IT departments. After all, the image of an army private disenchanted with his government can be easily mapped onto that of a disgruntled data entry clerk with access to corporate accounting statements and internal correspondence.
The good news for those who care to do something about DLP is that IT experts assessing the diplomatic cables fiasco from the outside say that it could have been prevented entirely with existing technology. It remains to be seen, however, if corporate leaders will give more weight to DLP in their risk management strategies as a result.
Copyright 2011 Rogers Publishing Ltd. This article first appeared in the January 2011 edition of Canadian Insurance Top Broker magazine.