Aussie developer claims cure for ‘Wikileaks syndrome’

The concept has been missing from the Wikileaks scandal discussions

Peter McCallum, CEO, Softection

Confidential information released via Wikileaks has sent governments around the world into a spin and put businesses on high alert, but one Sydney-based software developer claims to have a solution to the perennial problem of data leakage.

Peter McCallum, founder of Sydney-based security software company Softection, said data leakage results from a combination of a lack of processes, a lack of security software and an unnecessarily high number of staff having access to sensitive information.

“Julian Assange handed me a rainbow as now people are realising they need DLP software,” McCallum said.

McCallum says data loss prevention, or DLP, should more aptly stand for “data leak protection” as enterprises grapple with ways to stop rogue employees from transferring information outside the organisation.

“It’s about managing the movement of data with software, not changing how people work,” he said.

“Our software knows the file, person, and machine and with nine permission levels can determine if information can be captured and sent by an employee.”

Softection started in 2004 and develops a client-server application in C++ and Java. Its philosophy is to have computers, not people, manage the data.

It also distinguishes between classified and unclassified data in a screen grab.

“The US cables have come out, but there are some 3000 US government employees that had access to that information,” he said.

“Some government departments in Canberra even put glue in the USB ports in their computers to stop employees using USB keys.”

McCallum said “Wikileaks syndrome” is a good way to describe the current phenomenon whereby information is being gathered and dispersed outside an organisation with inadequate DLP policies.

“Make sure the data classification ‘follows the data’ and don’t be afraid to destroy data if it is outside the organisation’s control,” he said.

McCallum said data “at rest” also needs to be protected from prying eyes. So if an employee tries to access sensitive data in transit, it will be blocked.

“What if we took people out of the equation? In other words, took the decision-making power over the actual movement of critical information away from human operators?” he said.

“And what if we looked past the complexity of modern computer systems and found a way to simplify information security down to its core essentials – in other words, manage the movement of information irrespective of the computer systems it resides on, the number or rank of users accessing it, or the number of devices it could possibly be used on?”

McCallum says it’s not the technology but the process and the concept that have been missing from the discussions since the Wikileaks scandal broke.

“Everywhere I look I see lists of things CIOs should be doing to protect their business information – multifaceted, multilayered approaches; perimeter and core protection; DLP; user access controls; policy; compliance,” he said. “All of this is important, but no one seems to be talking about the very thing we’re trying to protect – the information itself.”

“Only by managing the movement of all information going in and out of an organisation can that information be protected against accidental – and not-so-accidental – misuse or abuse. Think of it as putting all the cookies in a jar, and then managing – rather than restricting – the movement of those cookies. Forget the jar, or the people; our only concern is the cookies.”


Stories by Rodney Gedda
