Wikileaks is all over the news these days and raising questions about the balance of freedom of speech and the interest of national security. It also seems to have brought up questions about individual organization data security and management. I have read many articles lately from IT companies and security companies about the best way or solutions out there to make sure that your company is not the next Wikileaks type victim. Many of these involve buying some type of software to block users from accessing certain types of data or certain user’s emails. Some folks even suggest stopping the of sharing information through the organization and turning off all USB ports and optical drives.
The more I read about these solutions the more I think one of the large problems that many companies need to address is to understand exactly where their content resides and who has access to it. Many companies do not have any type of data map developed or policies in place to address where information is to be stored and where data is not to be stored. If you don’t know where your data resides or who has access to it then monitoring it becomes much more difficult.
So before you run out and buy some software to Wikileaks proof your data you may want to map out where your data is located throughout the organization. Once you know where your information is then you can start developing policies on who has access to what. This can normally be done through user rights and setting up groups on a network. Of course, adding some type of software can help, but data mapping and policy creation can be seen as the first steps in sealing any possible information leaks.
Miller Montague December 10 2010