Letter: Security rules are only as good as those who obey them

"Gadgets that don’t play by the rules" is a good article on the challenges of adapting to agency responses to the rapidly changing technology landscape, but I have to ask about your comment in the sidebar that states, "Information technology managers...can buy some time by using common sense rules until they can develop a broader strategy."


With all due respect, the alarm went off at the announcement of the Veterans Affairs Department breach. With all hands on deck across the federal government, agency technology managers have been tasked with making sure that their agencies don't get embarrassed by another breach and yet many more have come to light. It's time to seriously look at the root cause: Information is easy to distribute once authorized access is granted. All of the training can be done and all of the policies in the world can be devised to state what is not allowed, but like speeding in your car, without enforcement, laws are only as good as the people obeying them.


Automated enforcement is needed that is transparent and user friendly so as to enable business productivity while enforcing security. Since unknown storage devices can be introduced, then enforcement needs to be at the information level. Industry is already working diligently to address this issue in the areas of the Secure Information Shared Architecture Alliance and enterprise rights management. The alliance would provide much tighter controls over network access offline and on, and a subset of this vetted off-the-shelf interoperability solution includes enterprise rights management to provide enforcement of agency policies and security awareness trainings at the data-level without putting additional strain on security departments. When "gadgets don't play by the rules," then agencies need to change the rules.


Anonymous

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.