Posted by: Fohlhorst
CIO, data protection, IT compliance, Wikileaks
The latest WikiLeaks debacle hopefully pounds home the point to corporate IT shops why implementing sound compliance technology can better protect data, and what the consequences can be if they do not.
Whether or not people take heed, compliance issues are certainly coming to the forefront in most analyses of the latest WikiLeaks flap. But in most of these analyses, it is unmistakable how ineffective technology was at enforcing compliance.
Consider this: There is an abundance of compliance requirements, including regulation for credit card holders (FCRA), for merchants (PCI DSS), for public entities (Sarbanes-Oxley), for privacy (HIPAA/HHS) and for children (COPPA), as well as regulations for insurance, securities trading, telecom and many more.
Most, if not all, of these requirements rely on technology to enforce compliance. WikiLeaks teaches us that it is the human factor and not technology that leads to the most damaging of breaches. All it takes is one disgruntled employee to destroy the security around intellectual property, private data or corporate secrets. But how can one build technology to prevent that?
There is no simple answer. Perhaps the only way to handle these situations is with the threat of severe penalties, and therein lays the secret to compliance technology. The enforcement of severe penalties requires incontrovertible evidence. In this particular case, technology that monitors activity and audit usage can become the key to plugging leaks.
If users are properly educated on the implications and penalties involved in disseminating unauthorized information, and are informed that access is tracked in numerous ways, perhaps technology can prevent the issues now plaguing the U.S. Defense and State Departments.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.