WikiLeaks: Will The Lapses In Security Leading To Massive Data Breaches Serve As A Wakeup Call For Us?

Khalid Kark

In the past few days, almost every conversation I have had with a CISO has somehow stumbled onto the topic of the data breach at the US Department of Defense (DoD) and the subsequent release of that information through WikiLeaks. Many CISOs have told us that their executives are asking for reassurances that this type of large-scale data disclosure is not possible in their organization. Some executives have even asked the security team to provide presentations to management educating them on their existing security controls against similar attacks. Responding to these questions is tricky: “It’s like treading on thin ice,” commented one CISO. If you tell them everything is under control, you may create a false sense of security. If you tell them that it is very likely that such an incident can happen within their organization – it may be a career-limiting move.

I would recommend giving the executives a dose of reality. I do many security assessments for our clients and often find that many organizations are relying too much on the technology and infrastructure protections they have. Today’s reality is very different. We often operate in a global context with large and complex IT environments, making it hard to monitor and track data, and we are sharing a tremendous amount of sensitive information with business partners and third parties. All of these realities were faced by the US government as well, and probably all contributed to the circumstances that led to the disclosure of data.

As many of you try to extract the lessons learned from this episode, here is my take on it – it is not the failure of a single security control but a set of multiple preventative and detective lapses.

Failure of preventative controls: Governance, Oversight and Access Control

Unlock The Value Of Your Data With Azure DataMarket

James Staten

If the next eBay blasts onto the scene but no one sees it happen, does it make a sound? Bob Muglia, in his keynote yesterday at the Microsoft Professional Developers Conference, announced a slew of enhancements for the Windows Azure cloud platform but glossed over a new feature that may turn out to be more valuable to your business than the entire platform-as-a-service (PaaS) market. That feature (so poorly positioned as an “aisle” in the Windows Azure Marketplace) is Azure DataMarket, the former Project Dallas. The basics of this offering are pretty underwhelming – it’s a place where data sets can be stored and accessed, much like Public Data Sets on Amazon Web Services and those hosted by Google Labs. But what makes Microsoft’s offering different are the mechanisms around these data sets that make access and monetization far easier.
