Data leakage: building the enterprise nappy
It's an inevitable consequence of sitting in a lot of enterprise presentations: sooner or later, the phrase "data leakage" is going to come up.
My latest encounter with the phrase was during some remarks by Armagan Cetindas, manager for systems engineering at Symantec, at a session about enterprise security during the recent Influence forum. Cetindas's observations were all very sane and sensible, explaining the importance of assessing network traffic via well-developed policies to minimise unwanted leaks.
Unfortunately every time I hear the word "leakage", I get a vision of nappies.
Despite the inherently unpleasant content of most nappies, a little reflection made me realise that this diaper-like analogy was actually quite useful as an IT management principle. Here's why:
Nappies are not designed to be a permanent solution. Kids wear them when they're too young to know how to control their relevant bodily functions, but the long-term goal is always to get rid of them. This can involve a few messy and unpleasant moments, but the end result -- a toilet-trained toddler -- is much more workable for everyone.
Unfortunately, the same logic doesn't seem to apply when it comes to preventing data leakage. Companies remain willing to invest in tools designed to stop unwanted data getting out, whether it's e-mail filtering or systems policies designed to prevent the use of a USB slot for copying sensitive data.
In practical terms, such systems are nappies: they contain material so it doesn't leak everywhere, but they do nothing to actually get people to do the right thing in the first place.
The data leakage equivalent of toilet training would be educating people on the appropriate use of technologies, and possibly creating the kind of working environment which doesn't inspire people to consistently pass company secrets on to the competition.
Of course, the problem with this is that it would take time, effort and a massive change in company culture, so it seems easier to dump the problem back on IT's doorstep. But no-one likes waking up and finding a filled nappy on their doorstep, do they?