Letter: Security rules are only as good as those who obey them

"Gadgets that don’t play by the rules" is a good article on the challenges of adapting to agency responses to the rapidly changing technology landscape, but I have to ask about your comment in the sidebar that states, "Information technology managers...can buy some time by using common sense rules until they can develop a broader strategy."


With all due respect, the alarm went off at the announcement of the Veterans Affairs Department breach. With all hands on deck across the federal government, agency technology managers have been tasked with making sure that their agencies don't get embarrassed by another breach and yet many more have come to light. It's time to seriously look at the root cause: Information is easy to distribute once authorized access is granted. All of the training can be done and all of the policies in the world can be devised to state what is not allowed, but like speeding in your car, without enforcement, laws are only as good as the people obeying them.


Automated enforcement is needed that is transparent and user friendly so as to enable business productivity while enforcing security. Since unknown storage devices can be introduced, then enforcement needs to be at the information level. Industry is already working diligently to address this issue in the areas of the Secure Information Shared Architecture Alliance and enterprise rights management. The alliance would provide much tighter controls over network access offline and on, and a subset of this vetted off-the-shelf interoperability solution includes enterprise rights management to provide enforcement of agency policies and security awareness trainings at the data-level without putting additional strain on security departments. When "gadgets don't play by the rules," then agencies need to change the rules.


Anonymous

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.