As I read more and more about the leaking of US government documents, I can’t help but wonder what type of security was in place. In recent times, WikiLeaks has gained access to 400,000 documents detailing the Iraq war and more than 250,000 documents from the state department. Given the volume of documents, it seems doubtful that the documents were stored in a document management system with multiple levels of security permissions.
While we may never know exactly how the documents were accessed in the first place, a logical assumption would be that they were stored in a database or file system. Using a database or file system, large volumes of data or documents could be dumped onto a hard drive. While databases and file system have file security, anyone with the correct clearance could have access to vast amounts of data.
If we compare that to even basic document management security, then it’s hard to envision how documents stored in a properly set up document management system could be accessed in such volume. With document level security, it would take a very long time to dump this number of documents. Of course if the security was not set up properly in the first place, the breach could still have happened.
Here’s what government agencies, or any organization for that matter, should do to reduce the risk of data breaches like this from occurring.
These are standard document management techniques. Unfortunately I find it hard to believe that even these standard techniques were used to safeguard these sensitive documents.
If the recent WikiLeaks debacle has taught us anything, it’s that you have to be prepared for the worst. If you’re not sure that your document security is what it should be; then call us. We’re prepared to help you secure your confidential information so you don’t wind up on the front cover of the newspaper.