How David Petraeus exposed an overlooked big data problem

The former director of the CIA is in professional and personal turmoil over an extramarital affair, but it’s the way he used e-mail that should concern IT departments


If someone like David Petraeus couldn’t effectively manage information, what hope does the average CIO have?

As the scandal deepens around the former director of the CIA and his mistress Paula Broadwell, an interesting detail has come to light about how the two carried out their not-so-secret affair: an e-mail technique favoured by the likes of terrorist organization Al Queda and that other group of notorious conspirators, namely teenagers. The National Post published the details:

The pair created a dummy Gmail account and rather than transmitting emails to the other’s inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic “dropbox,” the official said. Then the other person could log onto the same account and read the draft emails there. This avoided creating an email trail that is easier for outsiders to intercept or trace.

This is the dirty little secret many IT departments are either unaware of, or that they hope their senior management team never finds out about. It is one thing to ensure proper network security as part of a strategic plan to protect enterprise data, but there’s a lot of other data moving through businesses that’s as clandestine as Petraeus and Broadwell tried to be. What’s far more difficult to track, from an IT governance and auditing perspective, is the information running on cloud-based services like Gmail which are increasingly tolerated even in strictly controlled enterprises like the CIA. And when those creating, collecting or storing that data take extra precautions to keep it hidden, all the worse for IT managers.

This is, in fact, a big data problem that has yet to be discussed in great detail. Big data offers great potential for organizations to use analytics and learn things that will help their business, but some of that unstructured data will present more risk than reward. As companies evaluate the degree of volume, velocity and variety of information surrounding them, they’re probably not thinking about draft e-mail messages. They probably aren’t thinking about personal communications stored on public e-mail services at all. But there are certainly lots of corporate secrets that travel from employee desktops to their home computers this way. Much of it won’t involve a sex scandal but rather patent details, sales forecasts, contracts and other critical pieces of corporate intellectual property. Some of it may become even subject to e-discovery procedures in legal situations (which is when the big data problems will really become a high priority).

There’s no quick for this, just as there isn’t a way to address all the other big data challenges overnight. The only best practice for IT managers is to develop the right usage policies, try to enforce them and educate employees as best they can. And users like Petraeus should never be too smug. Try as they might, even the most secret, unstructured data seldom remains for their eyes only.

Take the next step: Download Frost & Sullivan’s white paper, Big Data Doesn’t Have To Be A Big Headache, for free.

 

4 Comments

  1. Shane,

    Great article… I had to chuckle at your ‘other’ group of nefarious users – teenagers…. which compromise a large portion of my constituency.

    We have a large number of international students from countries where access to information and the Internet is restricted, and these kids come armed with a frightening knowledge of covert activity, firewall bypassing and generally remaining invisible online.

    As I’ve pointed out in a former blog post, in five years, they will be your (corporate CIOs) problem.

    Are you ready for this increasing group of end users with a well honed skill in bypassing security?

    Kevin Pashuk / 7 years ago
    • Thanks Kevin. You would understand this problem more than most.

      Shane Schick / 7 years ago
  2. Very interesting – I would never have considered that to be a stealth technique. I guess at the end of the day, no system is foolproof from hacking or interception?

    Amrita / 7 years ago
  3. Interesting article Shane we tend to think of all the really obvious security risks with Cloud but this really small email work around is problematic. Also just like reading your stuff – it holds me until the end!

    Joanne Haywood / 7 years ago