Gartner's Barking Up the Wrong Tree


Eric Nolin links to the Gartner report on the iPod and other FireWire/USB storage devices. Eric's point is that this is one of the issues driving Web (or NET) 2.0. I agree. I think, however, that CIOs need more help than just being told to "ban FireWire/USB storage devices." This is the standard perimeter approach to protecting corporate data.

The problem with that approach is that it's not feasible, and it's getting less so all the time. I've got at least five devices in my laptop bag that could potentially be used to carry data out of a secure perimeter. Are you really going to tell people they can't bring cameras to work? What about cell phones? Watches? Heck, burning CDs is relatively easy with the standard corporate desktop. Some might think DRM is the answer, but it's not. DRM is high overhead and requires careful planning of who has access to what. That's fine for high-value data objects, but it's not a general solution.

What businesses need is a way to audit user actions. I ought to be able to ask what the history is for any document and see not only the details of how this copy has been modified, but also when and to whom it has been emailed, and any copies that were made, by whom, and to where. Processing audit logs scales linearly and allows you to focus attention on problem areas after the fact. Simple, workable, and solves most of the problem.
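
A sketch of the document-history query described above, added here as an illustration and not taken from the original post or any product. The event schema, field names and sample log are assumptions; the log is assumed to be append-only in time order, so one pass over it is enough.

```python
# Constructed sample audit events (hypothetical schema, for illustration only).
# Each event is (timestamp, user, action, doc_id, detail), in time order.
EVENTS = [
    ("2024-01-08T09:00", "alice", "create", "doc-1", {}),
    ("2024-01-08T09:30", "alice", "modify", "doc-1", {}),
    ("2024-01-08T10:00", "bob", "copy", "doc-1", {"new_id": "doc-2", "dest": "usb:/plan.doc"}),
    ("2024-01-08T10:05", "bob", "email", "doc-2", {"to": "carol@example.com"}),
    ("2024-01-08T11:00", "dave", "modify", "doc-9", {}),
    ("2024-01-08T11:30", "bob", "copy", "doc-2", {"new_id": "doc-3", "dest": "cdr:/plan.doc"}),
]


def document_history(events, doc_id):
    """Return every event touching doc_id or any copy derived from it.

    Single pass over a time-ordered log: a copy event on a tracked
    document adds the new copy's id to the tracked set, so later events
    on that copy (emails, further copies) are picked up as well.
    """
    tracked = {doc_id}
    history = []
    for ts, user, action, doc, detail in events:
        if doc not in tracked:
            continue
        if action == "copy":
            tracked.add(detail["new_id"])
        history.append((ts, user, action, doc, detail))
    return history


def disclosures(history):
    """Reduce a history to who emailed or copied the document, and to where."""
    out = []
    for ts, user, action, doc, detail in history:
        if action == "email":
            out.append((ts, user, "emailed", detail["to"]))
        elif action == "copy":
            out.append((ts, user, "copied", detail["dest"]))
    return out


if __name__ == "__main__":
    for row in disclosures(document_history(EVENTS, "doc-1")):
        print(row)
```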