Tuesday, December 14, 2010

Will Content Management Stop WikiLeaks?

WikiLeaks created quite the buzz in the last few weeks, showing us all that in this world we live in, information is not only a valuable commodity but also a huge source of liability. We can debate whether or not we condone what WikiLeaks did, but the bottom line remains that there will always be people out there who will try to misuse our information.

Image: Borrowed from WikiLeaks
As expected, the IT industry, and particularly the enterprise content management (ECM) vendors, have been quick to point out that WikiLeaks is yet another Y2K or Sarbanes-Oxley event that will generate a good media scare and – if we are lucky – even a legislative mandate that will stimulate some software purchases. ECM vendors, in particular, have a strong stake here, as managing your content properly is the first prerequisite to preventing it from appearing on WikiLeaks. ECM has a long history with compliance and information governance, which deals with some of the issues at the heart of the WikiLeaks problem. However, I wouldn't go as far as to claim that if you deploy ECM, you will prevent your own WikiLeaks.

The WikiLeaks problem is not a traditional content management problem. For years, the ECM vendors have been more focused on the problems related to content inside the enterprise – mostly driven by the need for control and the fear of liability. Records management is all about keeping the authentic version of a content asset for a prescribed period of time with the attitude of 'shred as much and as soon as you can'. Information governance adds a framework that addresses additional concerns such as security (well, mostly access control, really), accountability and efficiency, but that too is focused on the content inside the company. And eDiscovery, the hot topic of late, is primarily concerned with the liability of content that might get discovered inside the company to be subpoenaed as evidence.

The WikiLeaks problem is an issue of content that was meant to stay “inside the company” but has gotten out, which was never the intent. This is a problem of security as much as content governance and is actually really hard to solve. We don't know if the State Department used any content management system for the content leaked on WikiLeaks, but even if it did, that system alone would have hardly solved some of the key issues:

- People security
While it is possible that the government repositories were hacked, it is more probable that it was a people problem. It is very likely that the authorized and trusted people in the government leaked their content out either deliberately or inadvertently. I am not going to speculate about Bradley Manning here but even with all the screening and background checks that the government (hopefully) does, there is still plenty of chance that people with legitimate access mishandle information. Solving this problem is hard if not impossible since someone has to keep the master key and that person could be compromised.

- Leak prevention
Most of the content management repositories are pretty secure. Solid authentication, granular access control, and auditing capabilities are the basics and many vendors go far beyond that with capabilities such as repository encryption and mandatory access control. The problem is that most of the content in an organization is on desktops, in email, on mobile devices – everywhere but in the secure repository. Rights management (or DRM, IRM, ERM) has been offering a decent solution for this problem for years but since it gets in the way of usability, the adoption has been poor.
Content tethering is a promising new approach provided by some ECM systems but even here the adoption is in its infancy. The only reliable approach to solve this problem is elimination of all leak points - no laptops, no flash drives, no DVD burners, no printers and no outbound email and Internet traffic. Obviously this is practical only in organizations that are more concerned with security than productivity (e.g. military, intelligence, etc.). The rest of the world is looking at rights management, content tethering and data loss prevention (DLP) technologies for at least some help.

- Leak detection
Eventually, a security-conscious organization must assume that the content will leak out. Therefore, it is important to discover the leaks quickly to plan a response and to track the leaks back to their source to plug them. Systems that automatically monitor and analyze target sites can help, although such systems still struggle with performance (data volume) and reliability of detection today. There are many solutions for monitoring Twitter, Facebook and other social media sites; however, most such systems are focused on marketing drivers such as sentiment detection.
Some solutions do approach the problem from a security and liability angle, though. The tracing of leaks back to their source is also possible today. Watermarks have been used for years for printed documents and a similar technology exists as part of content management solutions today which, together with strong auditing, helps to discover security leaks.
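
The watermark-plus-audit-trail idea above can be sketched as follows. This is an added example, not code from any ECM product or from this post: each download is stamped with an invisible per-recipient tag, and a leaked excerpt is matched against the users the audit log says downloaded the document. The key, document IDs, user names and zero-width encoding are all constructed assumptions.

```python
import hashlib
import hmac

ZW0, ZW1 = "\u200b", "\u200c"   # zero-width characters encoding bits 0 and 1
TAG_BITS = 32

def tag_for(key: bytes, doc_id: str, user: str) -> int:
    """Per-recipient tag: truncated HMAC over (document, user)."""
    mac = hmac.new(key, f"{doc_id}\x00{user}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:TAG_BITS // 8], "big")

def watermark(text: str, tag: int) -> str:
    """Append the invisible tag to every paragraph so excerpts still carry it."""
    mark = "".join(ZW1 if b == "1" else ZW0 for b in format(tag, f"0{TAG_BITS}b"))
    return "\n\n".join(p + mark for p in text.split("\n\n"))

def extract_tags(text: str) -> set:
    """Collect every complete run of TAG_BITS zero-width characters."""
    tags, run = set(), ""
    for ch in text + "\n":               # sentinel flushes a trailing run
        if ch in (ZW0, ZW1):
            run += "1" if ch == ZW1 else "0"
        else:
            if len(run) == TAG_BITS:
                tags.add(int(run, 2))
            run = ""
    return tags

def trace(leaked: str, doc_id: str, audit_log: list, key: bytes) -> list:
    """Match tags in leaked text against users the audit log shows for doc_id."""
    found = extract_tags(leaked)
    return sorted({e["user"] for e in audit_log
                   if e["doc_id"] == doc_id and tag_for(key, doc_id, e["user"]) in found})

# Constructed sample data (not from the post)
KEY = b"constructed-demo-key"
DOC = "First paragraph of a memo.\n\nSecond paragraph with the sensitive part."
AUDIT_LOG = [
    {"doc_id": "memo-17", "user": "alice", "action": "download"},
    {"doc_id": "memo-17", "user": "bob", "action": "download"},
    {"doc_id": "memo-09", "user": "carol", "action": "download"},
]

def demo() -> list:
    bob_copy = watermark(DOC, tag_for(KEY, "memo-17", "bob"))
    excerpt = bob_copy.split("\n\n")[1]          # only part of the document leaks
    return trace(excerpt, "memo-17", AUDIT_LOG, KEY)

if __name__ == "__main__":
    print(demo())
```

A mark like this survives copy and paste but not retyping or text normalization, so it narrows the search rather than proving the source; the audit log is what ties a recovered tag to a person.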

Yes, the WikiLeaks problem has been a wake-up call for many organizations concerned with the security of their data. And as you can see, the problem is difficult if not impossible to solve completely. But the combination of content management and advanced security is a great step towards addressing the WikiLeaks challenge. In the end, there will arguably never be a perfect security solution but security is a game of attrition. Every security measure put in place makes it more difficult and more expensive for the bad guys to breach your defenses. If you don't get complacent, if you keep raising the security bar, you are lowering the chances of a data leak – or a WikiLeak.
