Whether or not you support the leaking of 250,000 embassy cables to the now infamous Wikileaks
website, it certainly makes you think. Whatever business you are in,
there are always emails or data that would be embarrassing or, more likely,
harmful to your business if they were made widely available. So what is
the lesson to be learnt from the Cablegate?

The blame for the issue seems to be landing on a certain US private,
Bradley Manning. But I place the blame directly on a lack of Governance
and poor IT systems. And the measures that have so far been announced -
things like removing CD drives from classified systems - are simply the
wrong approach. The real problem is why any one person - whatever level
of clearance they had - should have access to all 250,000 cables.

Without going into the details of XACML and policy-based entitlement
models, suffice it to say that the right approach is to base access not
only on the person, but the reason they have for accessing the data.
Using policy-based entitlement, it is possible to have a well-defined
Governance model where a person is given access to just the right data
at just the right time for just the right purpose, and that this can be
managed in a process-driven, auditable and controlled manner.
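
A minimal sketch of the decision described above, added here as an illustration and not taken from the original post or from any XACML product. It is plain Python rather than XACML, and every name in it (Grant, Request, decide, TASK-42, REGION-A, analyst1) is hypothetical; the sample grant is constructed.

```python
from dataclasses import dataclass
from datetime import datetime
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}

@dataclass(frozen=True)
class Grant:  # one entitlement: who, why, which data, and for how long
    subject: str
    purpose: str
    region: str
    max_level: str
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Request:
    subject: str
    clearance: str
    purpose: str
    cable_region: str
    cable_level: str
    when: datetime

AUDIT = []  # every decision, permit or deny, is recorded here

def decide(req, grants):
    """Deny by default; permit only when person, purpose, data and time all match."""
    decision, reason = "Deny", "no grant for this subject and purpose"
    if LEVELS[req.clearance] < LEVELS[req.cable_level]:
        reason = "clearance below cable classification"
    else:
        for g in grants:
            if (g.subject, g.purpose) != (req.subject, req.purpose):
                continue
            if not g.not_before <= req.when <= g.not_after:
                reason = "grant not valid at this time"
            elif g.region != req.cable_region:
                reason = "cable outside the scope of the stated purpose"
            elif LEVELS[req.cable_level] > LEVELS[g.max_level]:
                reason = "cable above the level the purpose justifies"
            else:
                decision, reason = "Permit", "matched grant"
                break
    AUDIT.append((req.when.isoformat(), req.subject, req.purpose,
                  req.cable_region, req.cable_level, decision, reason))
    return decision

# Constructed sample data (hypothetical names): one analyst, one tasking, one week.
GRANTS = [Grant("analyst1", "TASK-42", "REGION-A", "CONFIDENTIAL",
                datetime(2010, 1, 4), datetime(2010, 1, 11))]
```

A SECRET clearance alone never yields a Permit here: the request must also name an approved purpose, fall inside that purpose's data scope and time window, and it leaves an audit record either way.
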
If you live in a crime area and you leave your door open, you will be
burgled. If you don't put in place good security and data governance,
then it is you that will be blamed, not just the guy who steals your

And if you want the technical low-down on XACML, start here