Wednesday, December 1, 2010

WikiLeaks fallout: it is about Identity and Access Management and Encryption

The recent WikiLeaks disclosures, which involve the Department of State
and some big financial institutions and technology companies, have made
big headlines in the news.

I believe that two key measures to prevent this kind of leak are
Identity and Access Management (IAM) and encryption of data at rest and
in transit. IAM is not just technology; it is about process,
procedures, and policies. Agencies need to evaluate current IAM
practices with existing technologies and see if there are any holes in
SoD, least privilege, user provisioning and de-provisioning,
fine-grained access control, etc. A department- and agency-wide IAM
strategy is crucial to prevent leaks in the future. As for data
encryption and key management, this can be combined with the IAM
strategy to protect data in transit and at rest.

Financial institutions and big technology companies are not
exempt from data leaks such as WikiLeaks, and it is very
important to have a consistent, enterprise-wide IAM strategy.

I welcome any comments.
