As all the aftershocks of the WikiLeaks scandal continue to play out across the globe, you can't help but wonder how things might be a little different if the federal government had an effective access management system in place that gave people access to information based on who really needed to know what.
As much as people like to focus on the dangers of removable media-which the U.S. military is now apparently getting ready to ban-the fact of the matter is that the individual suspected of freely sharing all this embarrassing information should never have had access to it in the first place.
There's not much that can be done about that now. But every IT manager knows that when it comes to intellectual property and access management in their organization, the sad truth of the matter is that most IT organizations have never done anything more elaborate than give people a password to access their systems. Once they get into those systems, there are no real meaningful controls in terms of preventing people from accessing files they should not be seeing. All it really takes is one determined insider with the means, motive and opportunity.
The real problem is that access management is difficult to deploy and to effectively manage. Companies such as ActivIdentity have simplified the deployment process by installing their software on appliances. But somebody still has to manage the software and then determine on a regular basis which individual should have access to what information. All too frequently, the IT department doesn't have the budget to acquire and manage access management software, and even if they do have the budget, they have no idea who should have access to what information.
Todd Freyman, director of government markets for ActivIdentity, says that longer-term access management will probably morph into a service that will be delivered via the cloud using virtual appliances. But even then, somebody within the company will actually have to spend time classifying information so the system will know how to apply the appropriate access policy.
Naturally, things will get worse before they get better given the rise of bigger USB memory sticks and all sorts of mobile computing devices that make it easy to download files and send them just about anywhere. So just remember the next time someone asks, "What we're they thinking when they let all those State Department cables walk out the door?" chances are more than high that your organization is no better when it comes to access management. The only real difference is that not as many people might be affected by or care about your company secrets. But the fundamental principles and underlying root causes of the problem are sure to be the same..