NEW YORK ( TheStreet) -- Much has been written recently about the WikiLeaks disclosure of hundreds of thousands of sensitive government documents and cables.
And despite a new method of distributing such massive amounts of information in this instance (via the Web), should anyone really be surprised this happened? In fact, the whole WikiLeaks event speaks volumes about how truly un-serious the U.S. government is about security (or worse, incompetent).
This is not a new exposure area, as companies have been dealing with "data leakage" problems for years. And it's not as if there aren't lots of tools available that can track document access, allow only certain users to view/read/copy files, lock down repositories, etc. Security companies like McAfee (MFE) and Symantec (SYMC - Get Report), and many of the major app platform vendors like RSA (a unit of EMC (EMC)), Oracle (ORCL - Get Report), IBM (IBM - Get Report), SAP (SAP - Get Report), et al., have leakage-prevention capabilities.
The government ignored these capabilities to its detriment, and we believe many organizations large and small do so as well. The WikiLeaks event sheds light on a major security issue with huge implications for enterprises and not just for government agencies. The fact is that the highest probability of data loss or exposure will result not from an outside attack, but from inside your own organization.Right now, the government thinks the leaked documents is the work of a single person -- a U.S. Army private who was able to access millions of files and easily copy them to a CD or flash drive. And it's very likely that in your enterprise, there are many individuals who could easily access private and sensitive corporate data too, which is companies' most valuable (and private) asset. In fact, it's amazing how lax data-access rules are in most companies, despite the many regulatory compliance requirements (e.g., SOX, HIPAA). And if someone unauthorized did access sensitive files, would your organization even know about it? There are steps enterprises should take to avoid being the next victim of WikiLeaks (which now says it will start releasing corporate documents as well). The most critical lesson to be learned from WikiLeaks is, trust your employees, but verify they're not doing something they shouldn't. The vast majority of employees will be ethical. But occasionally, there will be one that isn't and those are the ones organizations need to protect against.