Five data leak nightmares

When Home Depot lost a laptop containing personal information on 10000 employees, it was just the latest in a string of high-profile data-leak incidents.

USB drives, old hard drives and the laptop left in the front seat of a car all pose huge risks. Home Depot, Pfizer and the VA all ran into trouble when laptops holding confidential information were stolen. Without preventing sensitive data from ever getting on these portable devices in the first place, it's nearly impossible to secure against an opportunistic thief or simple forgetfulness.

Nightmare four: Blabber-blogs - Internal blogs are great, unless employees start spilling company secrets

Web 2.0, VoIP, and other new technologies are driving security pros crazy - at least at those organizations on the ball enough to pay attention to them. Take something as simple as blogging.

At Microsoft, the blog Mini-Microsoft has stirred up a bunch of controversy. According to the blog's author, a Microsoft employee who wishes to remain anonymous, the blog was started as a forum for "exposing lunch-time conversations of a lot of people going over the issues and concerns they had about Microsoft."

In our e-mail interview with Mini-Microsoft's author, he says, "You see a lot of deep, well-thought-out, constructive criticism from the inside. I can't say this goes anywhere, even today. . . Two years ago, when a lot of the concerns became public, something got done. Would it have happened without the blog? Maybe. Probably not, though."

Aberdeen's Baroudi has a problem with anonymous corporate blogs. "Anonymous blogs are irresponsible. If you feel that strongly and you're unwilling to put your name to it, it loses credibility. If you put your name to it, there's a dialogue."

Could Mini-Microsoft be as effective minus the cloak of anonymity? "Absolutely not," Mini-Microsoft wrote. "If I had started this blog under my real name then I would be shut down quickly by people who would just question how a person working on XYZ could possibly have a say about [an unrelated] project.

"There'd be more criticism for who I was and what my responsibilities are. 'Hey, why don't you blog about how your feature bar is broken?' That's human nature. The mystery allows an assumption of knowledge and provides permission to ponder. And I can't say it would be seen as career empowerment for the leadership up the chain from me."

Advocate blogs pose a serious dilemma for IT security. The anonymous soul-of-the-company ones like Mini-Microsoft are highly valued by employees. Whistle-blower blogs like those from Los Alamos National Labs are even more valuable because they exposed the dysfunctional practices that threatened national security.

However, these blogs do pose risks. If confidential data is leaked, for instance, management has a valid reason to worry. PR and marketing executives tear their hair out figuring out how to respond to the bad press that often accompanies these blogs.

Most organizations, though, simply have no idea how to handle these blogs, and, as a result, most either ignore them or make the mistake of trying to shut them down - which usually worsens morale and generates more bad press.

Other new technologies present equal quandaries. Take IBM's Many Eyes, which is essentially a mashup application for visualizing data. "There is a lot of data there that probably shouldn't be," said Forrester's Young. "You can find sales forecasts and corporate income statements." Many Eyes doesn't always show where the data is coming from, but much of it isn't hard to figure out.

There is even data from government agencies, including the CIA. If the Secret Service can't be trusted not to send out unencrypted itineraries, it's not a stretch to worry about what it's posting on Many Eyes.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeff Vance

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?