Data Security != IT
At the start of spring media outlets started to report leaked classified US documents appearing online. Timelines suggest as early as March these highly classified documents were found on a platform known as Discord. Discord is a social media platform popular with online gamers, so not the type of place they’d typically be circulating data on the Ukraine war…
Today, Friday 14th April, gives a much clearer picture of how this was allowed to happen – I’ll not retell the story here as plenty of online sources have already done a great job of doing so and it’s largely not ours to tell.
What is now clear though, is that the alleged individual involved, Jack Teixeira, worked in IT. A “cyber transport systems journeyman” to be exact according to skynews.com. This is when the picture starts to become all too familiar, the IT personnel have access to everything because, well, it’s IT isn’t it? Nope!
Whilst I’ll confess to never having worked with an organisation that holds data on matters of national security, all of them have sensitive data of some description or another. Nearly every single one of them suffers the same problem, data is overshared, duplicated, and access is over granted, particularly so when it comes to IT personnel.
Data Security and access to it, is not an IT problem. IT support the mechanisms to grant the access, they’re also responsible for maintaining the systems which house the data and granting access to it. But as far as I can see there remains no part of an IT engineers job description which involves accessing data on the Ukraine war; or for example the payroll data of other employees for arguments sake.
Data Security, Data Privacy and Data Governance are the remit of data owners, not the IT staff. Knowing where your data lies, what sort of data it is and what’s happening to it is a problem for all organisations, including the pentagon it seems… This is an endless task and a constantly evolving landscape, something we’ve been involved with for over 15 years.
If you’ve concerns over who might be accessing your sensitive documentation, contact one of HANDD’s specialists who can advise on the best technology to assist your organisation. If you’d like to discuss this further, call us on +44 (0) 845 643 4063 or email us at info@handd.co.uk