Loose Lips Sink Ships… and Navies… and Nations
I am returning from a business trip in Mainz, Germany, home of Johannes Gutenberg, who invented the modern printing press in the mid-15th century. While at an exhibit, I began considering all the benefits ushered in by Gutenberg’s press. I also started thinking about the drawbacks it had compared to modern technology. It was then that I began to see many correlations to how data is still being treated by most organizations today.
The premise was simple. The printing press consisted of formatted metal blocks that could be inserted and moved into columns and rows in the press. You would then setup your printing press with all the information you wanted in that page and then you would have someone run off as many copies as you needed. Repeat for every page of data. Depending on how many pages and copies, that process would take days, weeks, or months. (It is widely held that it took Gutenberg several years to print the copies of his famous version of the Bible.) Then, after a copy was completely done, it would make its way (probably via a merchant) to someone’s home to be used and then kept as part of their library (it was a sign of distinction and status to display your books, in those times).
Does this sound familiar?
- You require someone (or several) to produce a copy of that data every time a request is made.
- You require someone to ship that data to its final destination, or perhaps to someone else who will then get it to its final destination
- Once your copy has made it to its destination, it indefinitely stays there…or not…you don’t really know, it’s completely in the hands of the requestor.
It’s the last point that is the concern in this blog
The printing press was awesome. It solved the need of getting data out to the masses. It also was called upon to duplicate and disseminate intelligence and other sensitive communications. In those cases they relied on physical and human controls to limit the risk exposure. And most organizations are still employing this 15th century security approach to data today, and they are doing so at great peril to their self and their organization, company, or country. Sure data is encrypted from endpoint to endpoint (I hope), but we live in a time where we need to take these additional steps.
Provide the right data to the right people
Reduce attack vectors by providing the right data to the right place at the right time, and only the right time
Recently, I had this conversation with a US Navy Rear Admiral, “If your information is actually sensitive, your approach to data sure doesn’t reflect it.” He looked at me with a curious smirk, then I continued. “You’re creating copies of your data all over your enterprise: Dev, Staging, Test, Break-Fix, Analytics. Most with little to no sanitization. You are relying on people to do the right thing, a la Snowden.” He got it.
While you may insist you don’t have a printing press in your Data Estate (Apps, BI, DR, Tactical Deployment), your approach to data security disagrees with you. Copies of unmasked data are worse than loose lips.
Recent Comments