Information security in corporates in the age of wikileaks
We are living in an age, where no organization is beyond reach of information leak agents. Wikileaks did not spare American government, military and diplomatic offices. Julian Assange got 341K documents, which his team mined to show inconvenient truth.
Change of approach
The security system of the corporates must switch from system-centric approach to information-centric.
|System Centric||Information Centric|
|Perimeter based security||People are the new perimeter|
|Transaction applications||Collaborative applications and social media|
|Structured data||Unstructured data|
|Centralized information||Distributed information|
|On-premise infrastructure||Virtual infrastructure and cloud|
Practical scenario – If you take a quick poll of corporate employee, if they use an open share without ACL (access control list)for easy access, a lot of them would say yes.
Security thefts have become more sophisticated, as the time has passed. So, the strategy has to use 3-pronged attack to prevent any data comprosmise.
Data at the core of the security controls
Users should be equipped with OTP (one-time password), certificates to authenticate correct user. Data must use all possibles methods of DLP (Data Leak Prevention).
Identity and information protection strategy
As a first step, the system administrator along with the domain guy needs to discover sensitive information flow and accesses. Then, put safeguard in place.
Storage endpoint needs to be put in DMZ (demiliterized zone).
Data Loss Policy
It is important to sensitize people about data theft at various places. E.g. an inadvertent user sends out email, the attachment can be checked and an alert can thrown. It might automatically encrypt the attachment. There should not be any productivity loss, because DLP is all about people.
Continuous Risk Reduction
Encrypting key files is an important step, but key management is an issue. If file still lands at wrong hands, we can make use of poison pill to destroy the file. There can be a timer for continued use of the file.