Data on Presidential helicopter goes astray
By Martin Abrahams-Oracle on Mar 07, 2009
The BBC reports that information about the Presidential helicopter has been exposed inappropriately. Apparently an executive working for a defense contractor was running file sharing software, and the file in question wound up on an Iranian computer.
The information was low-grade - no real harm done - but the story illustrates how easily information gets out and about. It also illustrates how third parties, such as contractors, can lose your information even if you do not, and how some technology focuses on leak detection rather than prevention.
My initial reaction was to think about how an enterprise would typically lock down all the network ports/protocols that would allow for file sharing such as this to occur. But this is no good when laptops are taken home or documents are stored on USB devices and worked on using home computers.
The BBC says that "Keith Tagliaferri, director of operations at Tiversa, said the employee who inadvertently disclosed the information was a high-level executive - and the breach had taken place outside the company's offices."
Traditional network security tools such as firewalls simply do not protect against these types of problems. Even DLP technologies can only be effective at the points where DLP agents are deployed. It is impossible to protect every channel and its why IRM is a good compliment to these existing techniques.
Protecting the most valuable content is most effectively done when the security controls are around the content itself, no matter where it resides nor where it is transmitted to.