fbpx
 

Who’s doing what with your data – need for an identity management system and auditing

Sam AlapatiAccess management, Database security, DSS (Data Security Standard), Identity management, IT Security

The sensational revelations of the inside action of international diplomacy are still being revealed by WikiLeaks, which has access to a stash of about a quarter million of secret diplomatic messages between the State department and the U.S. embassies around the world. Of course, the revelations caused a red faced State department to fulminate about violations of national security by Wikileaks.

The State department has just unveiled the cloak of mystery regarding exactly how the secret messages were accessed and passed on to Wikileaks – turns out that the messages were wrongly stored in a database accessible to all military persons worldwide. It sure is amazing that in today’s highly security conscious world of IT operations, the State department allowed just about anybody to access the trove of so many highly sensitive documents.

One State department official said: “It wasn’t clear what was to be shared or not shared”. In one simple sentence, the official unwittingly let on that the State department didn’t have any authorization policies in place for the database (called Net-Centric), which is accessible to all and sundry in the armed forces. This case shows once again the enormous importance of having sophisticated identity and access management policies, to prevent unauthorized folks from accessing data they aren’t supposed to be privy to. A proper identity management system based on a role backed access (RBAC) system could’ve easily prevented the entire fiasco.

In addition to a formal role based identity and access management system, a solid auditing policy would also have prevented to the long term unauthorized access to the sensitive documents. It seems that more than a political or diplomatic failure, this was more a failure on part of the guardians of the State department databases to adequately protect their sensitive information. As of now, State department officials have cut off external access to the Net-Centric Diplomacy database (probably located in the Pentagon), pending a review. The leaked papers where downloaded from a computer terminal in Kuwait and forwarded to WikiLeaks.

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*

Contact Us

If you have an urgent question regarding your software licensing or a software audit, please contact Miro right away.

Phone:
(732)738–8511 x1208
Email:
Webchat:
Use the chat box on the right
Meeting:

About Us

Miro is a leading global provider of software asset management services, specializing in license management, audit advisory, negotiation tactics, support management, and cloud services. We help our clients maximize ROI on their software license investments, stay in compliance, and minimize the impact of audits. Miro's performance guarantee promises that our long-tenured, diverse, and passionate team of expert analysts provides insightful and actionable advice to help our clients achieve the best possible outcomes.

Performance Guarantee

Miro’s no risk Performance Guarantee is that the amount of cost savings that we uncover will be more than our fees.

[yarpp]

Recent Posts

Oracle Guides


Microsoft Resources


IBM Resources

Case Studies

Managed Services for Oracle Licensing

Miro’s Managed Services for Oracle licensing is a best practice approach for an organization to optimize and outsource the practice of Software Asset Management to specialized external experts to ensure the organization’s compliance with vendor rules and policies.

Learn More