Am I the only person who groans inwardly when they hear that Dr Fox has been commenting on the MoD, before remembering it’s Dr LIAM Fox, not the chap off the radio? Even if I am, I bet next time you hear it, you will think it too.
A few weeks ago a friend of mine at one of the Departments had to cancel a quick catch-up over a coffee as he’d been dragged into a meeting by a Director worried about pre-CSR leaks to the press. Last week a letter written on 26th August by the Secretary of State for Defence, Dr Liam Fox, which argued in some detail about the effect of possible cuts in the MoD budget, turned up in the press. It’s a fair bet that there may be one of two more leaks in the next few weeks as people try to protect the work carried out by their respective organisations (see here). Regardless of your point of view on the topic, one would have to question how the leak happened.
Data Loss (or Leak) Prevention or DLP is a forgotten technology. Forgotten in the sense that it’s been around for a while, but hasn’t seen widespread use in the Public Sector. You have to ask why. The technology has a clear utility and it’s not like leaks are a new phenomenon. The argument generally trotted out is that it’s too hard. Erm, cobblers. Encryption was too hard to roll out until Sir Gus stood up and started hitting people with a stick.
DLP doesn’t have to be complex and invasive if done right. What is required is a simple methodical approach with a nice big dollop of common sense applied (indexing every document in the organisation is not a good place to start for example). Applying simple policy to a small group of people (e.g. senior management) would allow for leaks to be controlled or at the very least understood. And given the way the legislation tide is flowing, it’s a natural follow-on from encryption.
Talk to your legal types and then chat to your vendors – I suspect it’s only a matter of time before DLP gets serious attention once again.