If someone like David Petraeus couldn’t effectively manage information, what hope does the average CIO have?
As the scandal deepens around the former director of the CIA and his mistress Paula Broadwell, an interesting detail has come to light about how the two carried out their not-so-secret affair: an e-mail technique favoured by the likes of terrorist organization Al Queda and that other group of notorious conspirators, namely teenagers. The National Post published the details:
The pair created a dummy Gmail account and rather than transmitting emails to the other’s inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic “dropbox,” the official said. Then the other person could log onto the same account and read the draft emails there. This avoided creating an email trail that is easier for outsiders to intercept or trace.
This is the dirty little secret many IT departments are either unaware of, or that they hope their senior management team never finds out about. It is one thing to ensure proper network security as part of a strategic plan to protect enterprise data, but there’s a lot of other data moving through businesses that’s as clandestine as Petraeus and Broadwell tried to be. What’s far more difficult to track, from an IT governance and auditing perspective, is the information running on cloud-based services like Gmail which are increasingly tolerated even in strictly controlled enterprises like the CIA. And when those creating, collecting or storing that data take extra precautions to keep it hidden, all the worse for IT managers.
This is, in fact, a big data problem that has yet to be discussed in great detail. Big data offers great potential for organizations to use analytics and learn things that will help their business, but some of that unstructured data will present more risk than reward. As companies evaluate the degree of volume, velocity and variety of information surrounding them, they’re probably not thinking about draft e-mail messages. They probably aren’t thinking about personal communications stored on public e-mail services at all. But there are certainly lots of corporate secrets that travel from employee desktops to their home computers this way. Much of it won’t involve a sex scandal but rather patent details, sales forecasts, contracts and other critical pieces of corporate intellectual property. Some of it may become even subject to e-discovery procedures in legal situations (which is when the big data problems will really become a high priority).
There’s no quick for this, just as there isn’t a way to address all the other big data challenges overnight. The only best practice for IT managers is to develop the right usage policies, try to enforce them and educate employees as best they can. And users like Petraeus should never be too smug. Try as they might, even the most secret, unstructured data seldom remains for their eyes only.
Take the next step: Download Frost & Sullivan’s white paper, Big Data Doesn’t Have To Be A Big Headache, for free.