“Cyber anarchists” Living In the Clouds Has Earthly RamificationsDocument Transcript
“Cyber anarchists” Living In the Clouds Has Earthly RamificationsBy Eric ColeWiki leaks teaches us two important lessons. First, in the electronic age there are no secrets. Thedifference between a secret electronic document and a public document is literally a one clickdifference. Second, regardless of all of the technology that is developed, an organization’s weakest linkwill and always be the human. It only takes one person to do the wrong thing (either intentionally oraccidentally) to have sensitive information compromised. Always remember that no matter what youdo or how hard you try, you cannot stop stupid. However you can limit or control stupid byimplementing proper access controls, checks and balances and reduce the footprint of a system. Doesevery system in an organization need to have the ability to plug in USB hard drives? If the answer is no,than why do we provide that functionality for everyone.In order to protect sensitive information and minimize data loss, leaders need to better understand theirenvironment. The first step is to answer three key questions: 1) What is the critical information 2) What business processes utilize it 3) What servers does it reside onYou cannot protect what you do not know about. Once you know what your critical information is, thenext key focus is to make sure proper classification of sensitive data is implemented for all systems.In the year 2010 most companies push to store as much information in electronic form as they can.With cloud computing this information can be accessible from anywhere in the world. Has anyone everasked if this is a good idea? While pushing functionality is important, extremes are never a good thing.We always need to achieve a balance between too much and too little information. Today, wiki leaksshows us that we are clearly putting too much information online. While it sounds simple, if informationis absolutely needed to perform a job function, properly controlled online access is good. Howeverthere is so much information online that is not required for an organization to run. If you look at muchof the information posted to wiki leaks, you start asking why was that information still online andaccessible to people who did not require it to perform their job function. Reducing the problem spaceby limiting what information is available, is a critical step organizations need to take to protectthemselves.