March 03, 2011, 11:55 AM — After seven months of investigation, the U.S. military has lodged 22 additional charges against the low-level intelligence clerk alleged to have downloaded and released hundreds of thousands of top secret documents and videos through WikiLeaks.
The incident, referred to as CableGate started an international political firestorm.
It also turned the IT world upside down even though, on its surface, it had little or nothing to do with corporate computing.
Whoever turned over hundreds of thousands of documents to WikiLeaks (allegedly Manning, though that's yet to be proven), demonstrated how devastating it can be to trust the wrong person with access to information you'd prefer would remain secret.
All of the assumptions and most of the technology currently in vogue assumes a business environment in which the Circle of Trust expands far beyond a small number of full-time senior staff with long-term job prospects and an interest in keeping the company's secrets.
Flat organizational structures, contractors hired instead of employees and the shift of critical data from databases to unstructured email, documents, web-based apps, SharePoint and other collaboration software all make information available to far more people, with far fewer controls.
In a study released in the U.K. in November almost three quarters of employees admitted to stealing corporate data; almost half know someone who has also done it, and two thirds believe a competitor got information from a fellow employee.
Mobile-computing, wireless or inadequately secured bring-your-own-device policies, cloud- and SAAS-based computing open the doors further, even as increased spending requirements for compliance pull budget dollars away from security efforts designed to get ahead of the threat, rather than last-ditch, defend-the-edge firewalls.
All of that makes the security position of any company more tenuous, and that of anyone in IT responsible for security even more precarious.