Too Much Information...

By Dr. Guy Bunker @guybunker

Too much information

The more news stories you read around security and information breaches, the more you realise we have a long way to go before we (as governments, organizations, companies and individuals) become competent in sharing information securely. One of the biggest challenges is we don’t understand the consequences of inappropriate sharing... or rather, not everyone understands the consequences.

We see and hear about cyber-attacks which steal information from systems, resulting in large fines and damaged reputations – and that certainly focuses the mind of senior individuals. Increases in regulation in some jurisdictions means that custodial sentences are on the cards in the future when there has been negligence around information security.

For most organizations these days, not sharing information is not an option. The ‘trick’ is to know what you are sharing, with whom, and how. Simple questions that turn out to be tough to answer – as the standard response ends up being “everything, everybody, every way possible”. For the CIO, this is a nightmare.

Of course, today we live in an age of collaboration with information needing to be shared with people outside the organization, just as much as inside. Outside the organization, there is little control over the 3rd party individuals. There needs to be a change in both applications and in identity to help organizations both control and audit information access.

For applications, I would recommend reading the paper by Ann Cavoukian, “Privacy By Design: The 7 Foundation Principles”. For identity, take a look at the Jericho Forum Identity Commandments, the Global Identity Foundation and the recently launched Respect Network.

Understanding some of the basic principles will help reduce the risk of information theft, and while the next generation of identity is still in its early stages, the next generation of applications and information sharing should take privacy more seriously.

There are plenty of applications which need ‘help’ in keeping their critical information safe and that’s where Data Loss Prevention (DLP) solutions come into play. But with business reliant on collaboration, the false positives which occur in traditional DLP can hinder the communication flow. Next generation DLP from utilises advanced technology such as Adaptive Redaction, which removes only the critical information from communications (email, attachments, web uploads) while leaving the rest untouched. Adaptive Redaction enables secure continuous collaboration. Stripping out critical information as it crosses a boundary is the topic of my talk at InfoGovCon 2014, in Hartford, CT in September – if you are going, it would be great to meet you!

To use that old saying, “may you live in interesting times”, and we certainly do.