Thursday, January 06, 2011

If you think about it...

...GUIs like Windows and the original Mac OS pretty much destroyed any real ability a company had to keep its data from walking away. Going back in time, the last instance I can think of where information was not portable was in custom apps or databases on character-based terminals or PCs. Of course, you could argue that the dot matrix printer was probably the real death knell of distributed computing information security. It's not like you could lock that stuff down back in the day.

In modern times, though, the ability to cut & paste in browsers, command prompt windows, etc. means you have to jump through enormous hoops to institute a truly read-only security level for your data, meaning it only exists within an application and can only be read on-screen. That is, if it's possible at all (it may be, and I just don't know what products one would use to perform Windows surgery to disable any cut/paste ability anywhere).

All of the effort an administrator could go through would still be vulnerable to something that renders the measures moot - either that or you have so greatly impacted user productivity that the question becomes why let them come to work at all?

Just once in a while it seems like it would make sense if it were at least a little easier for companies to say "you can see this, but you can't do anything else with it" - especially in browser-based apps. Yes, it may be possible with a lot of custom coding or third-party products, but they're all essentially working around a fundamental oversight in information security inherent to GUIs. Can't we patch that? Like a GPO setting that disables the ability to select text in a DOS window on a per-user basis, or that disables text selection per-user or per-URL wildcard entry in a list. I bet people would use it if they had it.

Computers - especially networked systems - are inherently insecure. Data breaches and loss should really be expected, frankly. If your data is really that valuable, don't put it on a computer. At least not until OS manufacturers start to take it seriously.
