How comfortable are you with sharing data within your organization these days?
The news surrounding WikiLeaks, especially the possibility of it extending to the corporate world, has put a chill into the notion of using technology to increase sharing and dissemination of data. It was, after all, efforts to improve sharing of information across various government agencies that enabled just one individual to access huge amounts of sensitive data that then ended up being made public.
What can be done?
Meet the Mentat
In Frank Herbert’s “Dune”, addressing the vulnerability of technology was taken to the extreme. Rather than trusting important information storage and calculations to machines that could be compromised*, human “mentats” were used. These were individuals trained to have superhuman cognitive and analytical abilities, which removed the technology factor and its inherent weakness from the equation completely. But the value was still there; the need for it had not gone away.
Well, we can’t train mentats yet, so we’re stuck with computers, networks, etc. to provide the storage, analysis, and collaboration value we need to be competitive. But we’ve seen already just how vulnerable we are when these systems are compromised. We store so much information in these systems, both for the ability to recall it when we need it as well as to gain powerful insights through analysis of it. We also get huge value from collaboration technologies, but they can also make us susceptible.
So what to do? If we can’t eliminate the technology, should we instead look for that perfect technological solution?
Fighting the Last War
The Maginot Line was built after World War I, with the memory of the horrific casualty rates of trench warfare etched into strategists’ minds. The technology of rifles, machine guns, and artillery had reached peak lethality, so the mindset of “defensive” technologies took hold. What followed was intense research into creating an impenetrable defense to virtually “guarantee” that the enemy could not attack successfully. The technology was impressive, but ultimately ineffective, because the ways used to defeat it never came into the thinking of its design.
So it is that much of the mindset around information security is about trying to set up impenetrable defenses to “guarantee” the security of sensitive information. Just as the Maginot Line proved less than effective during the subsequent blitzkrieg warfare of World War II, current information (and airport, etc.) security measures and strategies frequently turn out to be not as effective as we would like. Instead, we see what seems to be a lot of “reactive” steps, such as forbidding removable media, introducing backscatter x-ray, etc., put into place after the proverbial horse has left the barn.
But this doesn’t mean technology has no part to play, either.
Technology + Mindset
So let’s bring a science fiction novel, a military misstep, and current events together. The point is that neither eliminating technology nor just depending on technology is the answer. We must instead constantly be questioning our mindset regarding information security and technology’s role in it. Whatever the technology, it is ultimately people, their thinking, and how they apply technology that determines the success of security, or the lack thereof.
————————————————————————-
*or worse, turn against their human masters (but that’s not an issue for us to concern ourselves with, yet.)