The Wikileaks Cablegate affair has been entertaining us now for two weeks as we see diplomats and politicians around the world squirming with embarrassment as we learn what US diplomats really think about the foreign powers they deal with.
Both the leak of the cables and the treatment of Wikileaks and its founder, Julian Assange, by various Internet companies raises some important questions about the Internet, cloud computing and office security in the digital era.
It’s believed the source of the leaked cables is Private First Class Bradley Manning, who is alleged to be responsible for leaking the Iraq tapes released by Wikileaks earlier this year.
The lesson is don’t give junior staff unrestricted access to your data, access to important information such as bank account details, staff salaries and other matters best kept confidential needs to be protected.
You can stop data leaving the building by locking USB ports, CDs and DVDs through either software or hardware settings on your computers and you should ask your IT support about this, keep in mind that locking down systems may affect some of your staff’s productivity.
Locking the physical means though doesn’t stop the possibility of data being sent across the Internet and access logs may only tell you this has happened after the fact. So it’s important to review your organisation’s acceptable use policy. Check with your lawyers and HR specialists that your staff are aware of the consequences of accessing company data without permission.
Incidentally, the idea that Pfc Manning was just one US Army staffer of thousands who were able to access these cables raises the suspicion that the information Wikileaks is now releasing was long ago delivered to the desks of interested parties in London, Moscow, Tel Aviv, Beijing and cave hideouts in remote mountain ranges.
Don’t rely on one platform
Wikileaks found itself hounded from various web hosting and payment providers. As we’ve discussed previously, relying on other people’s services to deliver your product raises a number of risks. Make sure you have alternatives should one of your service providers fail and never allow an external supplier to become your single point of failure.
Concerns about the cloud
This column has been an unabashed fan of cloud computing, but the Wikileaks saga shows the cloud is not necessarily secure or trustworthy. Not only is there the risk of a PFC Manning working at the data center compromising your passwords or data, but the arbitrary shutdown of Wikileaks’ services is a stark lesson of relying on another company’s Terms of Service.
Within most terms of service are clauses that allow the provider to shut down your service if you are accused of breaking the law or straying outside of the providers’ definition of acceptable use. As we saw with Amazon’s treatment of Wikileaks, you can be cut off at any time and without notice.
Amazon’s shutting down of Wikileaks is a pivotal point in the development of cloud services. Trust is essential to moving your operations to the cloud, and Amazon’s actions shown much of that trust may be misplaced.
Should you be considering moving to the cloud, you’ll need to ensure your data and services are being backed up locally and not held hostage to the arbitrary actions of your business partner.
Don’t put your misgivings in writing
So your business partner is a control freak? Great but don’t put it in writing.
Be careful of gossip and big noting
One interesting aspect of Wikileaks to date is how senior politicians like gossip and showing how worldly they are to US diplomats.
That’s great, but it probably isn’t a good idea to tell your best friend they should consider beating up your most important customer. As mentioned earlier, this little gem was probably on polished desks of the Chinese Politburo long before the cables found their way to Wikileaks.
Resist the temptation to gossip, remember your grandmother’s line about not saying anything if you can’t say something nice.
Ultimately what Wikileaks shows us is all digital communications are capable of being copied and endlessly distributed. In a digital economy, the assumption has to be that everything you do is likely to become public and you should carry out your business conduct as if you will be exposed on Wikileaks or the six o’clock news.
Wikileaks is a lesson on transparency, we are entering an era of accountability and the easiest way to deal with this is to be more honest and open. That’s the big lesson for us in our business and home lives.