IT Dangers Revealed
November 12, 2013
Those of us with experience in IT may not be surprised by the revelations InfoWorld shares in “6 Dirty Secrets of the IT Industry.” This magazine of IT gospel asked its readers to share their observations of shady IT matters, then fact-checked the results. See the article for the whole roster, but I’ll share a few bits here.
Secret number one is the broadest; Writer Dan Tynan colorfully titles this one, “Sys admins have your company by the short hairs.” He quotes Pierluigi Stella, CTO of security firm Network Box USA, who gives each of us good reason to send our IT departments the random gift basket:
“There are no secrets for IT. I can run a sniffer on my firewall and see every single packet that comes in and out of a specific computer. I can see what people write in their messages, where they go to on the Internet, what they post on Facebook. In fact, only ethics keep IT people from misusing and abusing this power. Think of it as having a mini-NSA in your office.”
Speaking of the NSA, Tynan calls those government snoopers “punks compared to consumer marketing companies and data brokers.” He cites the practices in casinos as the epitome of this very individualized marketing tactic, and provides examples. He goes on to quote former casino executive and Louisiana State University professor Michael Simon, who emphasizes that the practice is far from limited to casinos:
“I teach an MBA class on database analysis and mining, and all the companies we study collect customer information and target offers specific to customer habits. It’s routine business practice today, and it’s no secret. For example, I bring my dog to PetSmart for specific services and products, and the offers they send me are specific to my spending habits. . . instead of wasting time sending me stuff I won’t use like discounts on cat food or tropical fish.”
Whether you, like Simon, appreciate targeted marketing or you find it creepy, it is worth remembering how much data these entities are collecting on each of us.
It is also good to keep in mind some pitfalls of another practice that has become commonplace—storing data in the cloud. In fact, this could be the most disconcerting item on this list. Though we tend to think of the cloud in nebulous terms, that data is actually stored on real servers somewhere. When our data shares rack space with that of other entities, we run the risk of intrusion and confiscation through no fault of our own. The article emphasizes:
“Your cloud data could be swept up in an investigation of an entirely unrelated matter — simply because it was unlucky enough to be kept on the same servers as the persons being investigated. . . . Users who want to protect themselves against this worst-case scenario need to know where their data is actually being kept and which laws may pertain to it, says David Campbell, CEO of cloud security firm JumpCloud. ‘Our recommendation is to find cloud providers that guarantee physical location of servers and data, such as Amazon, so that you can limit your risk proactively,’ he says.”
Another suggestion is to encrypt your data, of course. Keeping a local backup is another good idea, since law enforcement seems to be under no obligation to grant access to your own confiscated data. For some of us, this is just more evidence that sensitive information does not belong in the cloud. Caveat Emptor.
Cynthia Murrell, November 12, 2013
Sponsored by ArnoldIT.com, developer of Augmentext