1
I remember the first time I read in the Wall Street Journal (1999) that “doing wireless was like putting an RJ-45 Ethernet jack in your parking lot.” The implication was that the company’s most sensitive information would be readily accessible if someone simply drove into the parking lot and had a wireless card. The presence of wireless would allow a would-be hacker to spend the night draining your company of its valuable information. We were clearly forewarned. And it did in fact happen – over and over again!
When I was asked how to prevent security leaks for a Fortune 500 company, the first question to answer was, “who are we protecting ourselves from?” We identified several classes of potential threats and determined their relative ability to penetrate our security from lowest (1) to highest (5): 1. Hackers, 2. Corporate Espionage, 3. Disgruntled employees, 4. Careless employees, 5. Domestic and Foreign Governments.
It is true, that wireless link into the parking lot is a high risk element in your security and the same is true for the Internet access. But there are many affordable techniques that are readily deployed to ward off the Hacker trying to penetrate these defendable portals. They are typically looking for easy targets and do not waste much time trying hardened sites.
The Corporate Espionage motivated hacker has more staying power. They have an identified motive and it requires various levels of monitoring to warn you when this type of person is working overtime to get into your records.
The Disgruntled Employee has gotten a lot of attention over the years and is clearly a challenging threat that needs to be managed. And trying to defend against National Agencies is a topic of growing concern and topic for another day.
It’s the Careless Employee that generally poses the highest threat where the typical corporation can improve security without breaking the bank. We have determined that access to information from anywhere is more important than the risk. Our managers, employees and officers all have laptops and home computers with “secure” access to routinely download all the corporate spreadsheets, customer lists and contracts, update these and upload them back again. This is done in virtually every company in the technology enabled world. The result of this style of information management is that your most critical information is now everywhere. Copies are on home computers, laptops and traversing the unsecured Internet. In most cases, if a copy of a document went out to a remote laptop, we do not have a clear record.
We only need listen to the local news for a clear example. Healthnet, a Shelton CT company, lost a USB disk drive. It took them over six months to determine that it contained the health records of nearly 460,000 customers. Now that’s not only embarrassing, it’s criminal.
So most reading this article will say, “But that’s the only way we can be productive. Isn’t there a reasonable way to continue the productivity without the risk?”
The answer is yes, we can minimize the risk. The key is to follow a philosophy we are promoting at Fandotech. Instead of using the Internet to distribute your critical information “to everywhere” make centrally controlled and stored information available “from anywhere”.
We now have cost effective technologies that allow us to design access to your information from anywhere without actually sending the files out. Products like XenAPP from Citrix can be configured so the trusted user can log into an audited port and be granted the ability to view and edit appropriate documents without moving the document out of the data center control. This provides clear custody and control mechanisms for the integrity of the document. The Citrix remote access technologies also allow for the download of information when truly required, but requires a “sign out” and “sign in” that deletes the remote copy of the document and makes an audited record of who, when and where the documents went.
Now information is version controlled, backed up and audited centrally. Think of the cost savings potential and restful nights of sleep knowing your data is more secure!
Information everywhere is a weak link in the security of your information. People are people and they will lose things or they will steal things. Centralized information management that is auditable will minimize embarrassing events and minimize your risk.
John Boyd
Back to top