Tuesday, July 17, 2007

A case for data leakage prevention at IBM

I used to work for IBM. If you know me or have been reading this blog for at least the past few months, you know this.

It should come as no surprise that from time to time, I keep an eye on what IBM does. I also read Robert X Cringely's blog. I've been catching up on my reading (I'm way behind) and came across this post regarding IBM's LEAN program. It generated over 1000 responses on Bob Cringely's blog so it obviously touched a nerve. I was once a cynical IBM employee so I can identify with some of the comments. At the risk of getting flamed by my ex-IBM colleagues, I shall comment no more on this :)

Bob followed that post with another the following week containing an IBM internal email circulated to employees in response to Bob's blog post from the previous week. That IBM management felt the need to respond to a "rumour" as they call it makes one wonder if Bob's on to something. But what I really want to know is this...

How the heck did that email leak outside of IBM walls?!?! Lotus Notes has protection against emails being forwarded, printed and even having their contents copied. Did those check-boxes not get ticked before sending the email? And if they DID get ticked then someone must have found a way around it (a Lotus Notes expert could probably figure it out). If there is no way around it in Lotus Notes (I'm not a Lotus Notes expert) then did someone just take a screen shot and have Bob painstakingly re-type the entire email? Perhaps. But I doubt it was that difficult. My guess is that all Bob had to do was copy from his email inbox straight into his blog post.

Does IBM have a Data Leakage Prevention (DLP) strategy in place? Maybe. Do they have a working solution in place? That was a rhetorical question. They don't. Will they have one soon? I'd put money on the answer being "yes". And yeah. I know something you don't. Don't ask or I'll have to go "James Bond" on you.
