I’ve been thinking more about the Sony Pictures story…. it has been mentioned that it could be an insider job… what this means is that all information needs to be protected, not just within the organisation, but between each individual, identity.
Every business process in an organisation should be protected cryptographically, there should be a thread of traceability leading to the originating source. Only authorised parties involved in any digital interaction should have access to information being moved around, or as a matter of fact, information at rest. All email communications should also be encrypted.. and only the creator of the content and recipients should be able to read communications, and attachments. Creators of information should have absolute traceability in every one of their digital interactions, that could be a part of a business process.
But how to do this? Like an elephant… you know how to eat an elephant? Eat a small piece at a time so you don’t get indigestion. So the answer is that one should take, and work with one business process at a time, building piecemeal a secure water-tight shield across an organisations information assets, including their people.
It’s been a chilling experience for Sony Pictures, and a little surreal for those observing. It could be one of their movies….
Bruce Schneier has some thoughts. The hacking incident has shocked many, although any of us in information security may not be particularly surprised.
After many years in information security I am continually disappointed by the lack of focus there is in securing an organisations information assets. This includes intellectual property (IP), and anything information that needs to be protected in generating IP. The focus on being ‘compliant’ and finding ways to get that tick-box without really being really serious about doing what is right, is worrying. I wrote a post in April this year that dives into this subject.
Of course if an organisation is not serious about protecting its IP, how can you expect it to protect your personal information, as employees, customers and partners? The lack of measures taken to secure employee personal information brings home the fact that when it comes to securing our personal data, and anything we generate, i.e. digital footprint, it is up to us all individually to take control. It seems that we can’t trust anyone else…
But how is this possible? Well take a look at Lequinox, they have turned the identity paradigm upside-down. See if you can get your head around this way of thinking? They are empowering the individual, each one of us is to take control over what belongs to us. You control (and legally own) your digital identity and your digital footprint, and every identity in the world controls their own identity. It is the Lequinox technology with its cryptographic black box of magic that makes this possible. If you understand this, you will see that in the future, potentially it is you that is in control…