As I read more and more about the leaking of US government documents, I can’t help but wonder what type of security was in place. In recent times, WikiLeaks has gained access to 400,000 documents detailing the Iraq war and more than 250,000 documents from the state department. Given the volume of documents, it seems doubtful that the documents were stored in a document management system with multiple levels of security permissions.
While we may never know exactly how the documents were accessed in the first place, a logical assumption would be that they were stored in a database or file system. Using a database or file system, large volumes of data or documents could be dumped onto a hard drive. While databases and file system have file security, anyone with the correct clearance could have access to vast amounts of data.
If we compare that to even basic document management security, then it’s hard to envision how documents stored in a properly set up document management system could be accessed in such volume. With document level security, it would take a very long time to dump this number of documents. Of course if the security was not set up properly in the first place, the breach could still have happened.
Here’s what government agencies, or any organization for that matter, should do to reduce the risk of data breaches like this from occurring.
- Make sure that your documents are stored electronically in a structure that makes sense for easy access, but also can be locked down.
- Make sure you implement security that restricts access down to the document level.
- Make sure that your online document management system has alerts when documents are accessed.
- Perform regular reviews of audit logs and look for excessive views, downloads, and deletes.
These are standard document management techniques. Unfortunately I find it hard to believe that even these standard techniques were used to safeguard these sensitive documents.
If the recent WikiLeaks debacle has taught us anything, it’s that you have to be prepared for the worst. If you’re not sure that your document security is what it should be; then call us. We’re prepared to help you secure your confidential information so you don’t wind up on the front cover of the newspaper.