WikiLeaks incident raises concerns for corporations

wikileaks Catching up on some reading, I see that in response to the recent WikiLeaks publication of classified US State Department cables, the US Office of Management and Budget has issued a memo, reiterating the instructions that agencies perform a self-assessment of how well they handle and protect classified information.

Clearly, the WikiLeaks incident has significantly elevated security concerns for government agencies (and should also raise concerns for corporations).

The good news is that the OMB guidelines (published here by MSNBC), provide 11 pages of clearly-worded questions, which should serve as a good starting point for agencies as they begin to better secure their systems. While the questions cover a broad set of topics (including “Safeguarding” and “Counterintelligence”), the first section (“Management & Oversight”) contains the following key questions, right up front:

  • Does your agency have sufficient measures in place to determine appropriate access for employees to classified information in automated systems?
  • During initial account activation/setup?
  • Periodically to determine if access is adequate to perform the assigned tasks or exceeds those necessary to perform assigned tasks, and adjust them accordingly?

These are great questions, which get to the heart of the matter of obtaining visibility and control of user access. I’m glad to see the increasing recognition that establishing and operationalizing access governance policies and processes are key to achieving a healthy balance between security control and user productivity.

While the OMB does not regulate private enterprises, we should nonetheless learn from their recommendations, and embrace their approach to access governance.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Brian Cleary is vice president of products and marketing at Aveksa, a leading provider of enterprise access governance solutions. Brian has more than 17 years of experience directing technology marketing initiatives for both emerging technology companies and top-tier enterprise software vendors. In previous positions, Brian served as vice president of marketing at OpenPages and as senior vice president of marketing at Computer Associates (CA). He has also held management positions at Netegrity, Allaire Corporation and Macromedia. He holds a bachelor’s degree from Syracuse University.