HOT TOPICS >> Best open source CMS updates of 2011 | Industry Voices | One on One Interviews
IT NEWS BY INDUSTRY >> Healthcare IT | Government IT | Financial Services IT | Biotech IT | Compliance IT
Some data must be secured
It's as sure as the ebbing and flowing of the tides. Eventually, some large organization gets caught with data flapping in the breeze that was never supposed to be visible. In a move that seems apropos of today's financial institutions, the New York Stock Exchange had sensitive information about its infrastructure visible for what might have been longer than a year. The catch: This time the fault is not the NYSE's.
Wired reports that the data "included several directories of files containing logs; server names; IP addresses; lists of hardware; lists of software versions running on the network; and configuration and patch histories, including what patches have not yet been installed." The data was initially placed by EMC onto an FTP server used to share information between EMC and customers, and somehow it was never secured.
As horrifying as this is to anyone familiar with network or computer security, this type of leak happens easily and is often caused by simple, human error. What does this have to do with content management? Well, all of those files are content. Ideally this content should have been viewable only by IT staff--or even better, just certain IT and support staff.
If your CMS doesn't offer the ability to secure such critical data, then you shouldn't put it in the CMS, or you need to add the feature or change CMSs. It also doesn't hurt to set up the site and workflow such that certain sections of the CMS default to different security settings.
That way if someone in IT is in a hurry, after loading up the logs of the latest software updates, it's more likely that they'll forget to let enough people see it than forget to lock them down. The first mistake would be inconvenient, but the second could potentially violate compliance regulations depending on your industry.
Sometimes it's better to risk inconvenience than to end up as a cautionary tale in Wired.
For more:
- read the Wired article
Related Articles:
One on One with Len Devanna of EMC
One on One with Whitney Tidmarsh of EMC
EMC: Rapid app development and cloud computing key to future of CM
EMC gets into eDiscovery in a big way with SourceOne
SHARE WITH:
Home
| Subscribe | Advertise | RSS |
Privacy
| Site Map
| EditorsTHE FIERCEMARKETS NETWORKFierceEnergy | FierceSmartGrid | FierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceEMR | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceGovernment | FierceHomelandSecurity | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceEnterpriseCommunications | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2011 FierceMarkets. All rights reserved. |
 |
