Rediff.com

Why data leaks can't be plugged

January 10, 2009 19:39 IST

Data leaks out of a virtual world like water flows from a pipe. One is physical; the other is theoretical. And no matter how many boundaries are constructed around a theoretical world, leakage will occur.

This is more than just hardware versus software. Hardware has always been considered the standard for maximum security, while software can be tricked the way a virus tricks a human cell. But communication over the Internet is virtual, meaning no one completely understands it. The best guess is that it is a collection of inconsistent communications equipment using disparate protocols.

For security experts, who sit around and worry about this kind of stuff, it's the persistent pain that never goes away. For CIOs, it's one of the top five things to worry about. And for corporations, it's probably the most serious threat to competitive advantage that exists today. Data theft makes headlines when it occurs, but data leakage is perpetual and impossible to stop.

Here's a true story. A human resources executive at a large tech company e-mailed a spreadsheet containing quarterly budget information to a dozen employees throughout the company.

The executive never noticed that the spreadsheet had a second and third page attached, with all the compensation and personal details of all the executives in the company. The employees who received it sure noticed the extra pages, though.

It was the subject of incessant e-mails. And when several of them were laid off over the past several months, they took that information with them to competing companies.

The problem isn't the technology. It's people. They make mistakes--everything from sending out more information than is appropriate to leaving CDs in the back seat of a taxi or the pocket of an airplane. They also change jobs, bringing digitized development information with them.

And in a virtual world, they talk with their friends and colleagues--over e-mail, instant messaging, phone messages or even Skype.

While most of the conversations are irrelevant, there are tidbits that leak out that are important to companies--everything from gossip about promotions and scandals to product delays and cost overruns.

In the virtual world, gossip about the health of the CEO may seem like a normal concern, but if it leaks into the wrong hands, it can lop billions of dollars off the company's public value.

Data leakage isn't a new problem. John Stewart, Cisco's chief security officer, wisely noted that the most blatant examples of data leakage occurred in Silicon Valley's boom years, when employees changed jobs every couple of years.

But digitization of information has exacerbated the problem on a global basis. Short of cutting off all outside communication and frisking employees as they leave a building, there is no way to completely stop data leakage.

For companies in general, and CIOs in particular, this is a serious concern. Their next focus may not be implementing the best security. It may be figuring out ways to alter human behavior.

Even the most conscientious security measures can't seal up every leak. People will talk--and in a virtual world, they will talk to more people about more things.

Ed Sperling, Forbes.com