Platinum Partner
soa,enterprise-integration,security,architecture,governance,infrastructure

Wikileaks and Governance

Whether or not you support the leaking of 250,000 embassy cables to the now infamous Wikileaks website, it certainly makes you think. Whatever business you are in there always emails or data that would be embarrassing or more likely harmful to our business if they were made widely available. So what is the lesson to be learnt from the Cablegate affair?

The blame for the issue seems to be landing on a certain US private Bradley Manning. But I place the blame directly on a lack of Governance and poor IT systems. And the measures that have so far been announced - things like removing CD drives from classified systems - are simply the wrong approach. The real problem is why any one person - whatever level of clearance they had - should have access to all 250,000 cables.

Without going into the details of XACML and policy-based entitlement models, suffice it to say that the right approach is to base access not only on the person, but the reason they have for accessing the data. Using policy-based entitlement, it is possible to have a well-defined Governance model where a person is given access to just the right data at just the right time for just the right purpose, and that this can be managed in a process-driven, auditable and controlled manner.

If you live in a crime area and you leave your door open, you will be burgled. If you don't put in place good security and data governance, then it is you that will be blamed, not just the guy who steals your data.

And if you want the technical low-down on XACML, start here, here and here.
{{ tag }}, {{tag}},

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}
{{ parent.authors[0].realName || parent.author}}

{{ parent.authors[0].tagline || parent.tagline }}

{{ parent.views }} ViewsClicks
Tweet

{{parent.nComments}}