As the furor over thousands of U.S. diplomatic cables intercepted and spread to news organizations by WikiLeaks continues, the corporate IT world is surely looking inward for lessons to be learned.
The site was accessible again on Tuesday, reportedly going through a rented server in the U.S. after it came under apparent attack from hackers who blocked it in the U.S. and Europe.
'Attack on International Community'
Former President George W. Bush and Secretary of State Hillary Clinton weighed in on the fallout Monday.
In a webcast discussion with Facebook founder and CEO Mark Zuckerberg, Bush said "leaks are very damaging, and people who leak ought to be prosecuted." And Clinton said the disclosure of documents by WikiLeaks, founded by Julian Assange in 2006 and owned by the Sunshine Press, "is not just an attack on America's foreign-policy interests [but] an attack on the international community -- the alliances and partnerships, the conversations and negotiations, that safeguard global security and advance economic prosperity," according to USA Today.
The Obama administration has ordered a review of all government communication procedures and vowed to prosecute anyone who leaks classified information.
But what can private IT teams do to safeguard their internally classified information from some future corporate WikiLeaks?
Not much, according to Alan Paller, director of research at the SANS Institute, a cybersecurity school in Bethesda, Md.
"You cannot simply say 'Don't trust the users,'" Paller said. "I suppose the best advice is that data-leakage and data-transfer monitoring is worth the money -- much like a security camera -- to raise the chance that a thief could get caught."
Guard Your PDFs
Charles King, principal analyst of Pund-It, said the real lesson of WikiLeaks is that e-mails, instant messages, and portable document format (PDF) files "are just as real, have a potentially longer shelf life, and are vastly more portable than real, physical documents." WikiLeaks exposed thousands of documents on the wars in Iran and Afghanistan last summer, in what was the biggest security breach in U.S. history before this month's diplomatic cable release.
King noted that this lesson was learned the hard way by major corporations in recent years. For example, in the late 1990s, the Department of Justice used internal e-mails and memos from Microsoft in its antitrust suit against the software giant to show that the company tried to knock browser rival Netscape out of business, despite claims to the contrary by CEO Bill Gates.
"More recently, in Oracle's suit against [software rival] SAP, [Oracle CEO] Larry Ellison testified that 'I did not write down what I thought was a worst-case scenario,' suggesting that he recognizes the gravity of committing ideas to digital text," King recalled.
"I hope that companies are taking to heart the experience of the U.S. government," he added. "But the problem is that the only effective way to secure business data is to institute often complex and expensive cross-company solutions." Even if they do, King said, it's up to individual employees to use the solutions properly. "For many or even most companies, that's a big, potentially risky bet."