Posts Tagged ‘data’
Just Finished Reading: “Islands in the Net” #wikileaks #books #datahaven
I’m reading Bruce Sterling‘s Islands in the Net – Amazon describes it as
Slightly dated science fiction about the near future can be fun, especially when it evokes a strange, chaotic, and dangerous world that’s uncomfortably close to our present one.
And the irony is that Amazon is involved in a situation with chilling parallels, with Wikileaks and lesser known Amazon customers being called data pirates, similar to the way they are described in the book.
Of course there are already existing data havens like Sealand, and there is the new creation of a data haven for journalists and free speech in Iceland.[1] Other data havens are almost certainly in creation, as described in another work of fiction Cryptonomicon. I believe that these are most probably currently being hosted in encrypted clusters by Google and Amazon, with or without their knowledge, and almost certainly these exist in smaller countries.
The next parallel is the violations of copyrighted materials by these data pirates, there is serious money in piracy just look at China and the streets of New York or any other major city. It’s already possible to become a paid member of a piracy group online – comparable to a piracy Netflix – where in exchange for your payment you get a monthly allotted number of points to use to download films and television series collecting points by sharing a fixed ratio more than you download, and where everything is tracked by the torrent tracker.
There are other parallels, but for that I advise you read the book…
ACM.ORG (Association for Computing Machinery) data leak #security
UPDATE: “After raising pressure a little bit (also by writing to [the Full-Disclosure] list) ACM has finally reacted and asked where the problem is.“
According to a post on Full-Disclosure there is a dataleak on the website of ACM. The “hacker” stated that 4 days ago he notified “ACM’s CEO John White of the severe data leak on acm.org – but the leak has not been fixed.“
Tightening your Security Budget #security
I was reading 6 Tips For Doing More Security With Less and was happily surprised by the following points:
1. Get out of the deployment business.
3. Get more out of your existing security tools and systems
1. Get out of the deployment business.
IT security should definitely be involved in selecting data protection tools, but shouldn’t be dealing with provisioning tools that require heavy customization, Forrester’s Jaquith says. That can drain already-limited resources.
Many companies want provisioning tools with which they can specifically add users and specific edit fields, they want a helpdesk to perform this task so they can have cheap labour without compromising security. This is a short term thinking by Forrester, in my opinion.
3. Get more out of your existing security tools and systems
[…]
Consider reorienting the more labor-intensive tools, such as those for data leakage prevention (DLP), he says. Forrester recommends using DLP products mainly for monitoring activity rather than for blocking the leakage of data. And enlist the help of your business units to get the big picture on where data is flowing in the organization. “If you are looking at DLP to stop a data leak, you’re probably a little too late. You need to understand how users are using the information they have, what they are downloading, [etc.],” he says.
Absolutely, if you are using DLP to prevent data leakage you are doing it wrong. Implementing controls to monitor data leakage and informing your employees is far more effective and less intensive on the budget. The recently passed Nokia Law to allow email snooping may look evil on the surface, but this is also part of DLP. Personally I am against the tactics used by Nokia, but they have a valid reason to monitor their network traffic for data leakage, corporate espionage.
Technorati Tags: nokia, law, data, leakage, prevention, provisioning, security, business