In modern times though, the ability to cut & paste in browsers, command prompt windows, etc. means you have to jump through enormous hurdles to institute a truly read-only security level for your data, meaning it only exists within an application and can only be read on-screen. If it's possible at all (it may be and I just don't know what products one would use to perform Windows surgery to disable any cut/paste ability anywhere).
All of the effort an administrator could go through would still be vulnerable to something that renders the measures moot - either that or you have so greatly impacted user productivity that the question becomes why let them come to work at all?
Just once in a while it seems like it would make sense if it were at least a little easier for companies to say "you can see this, but you can't do anything else with it" - especially in browser based apps. Yes it may be possible with a lot of custom coding or third-party products, but they're all essentially working around a fundamental oversight in information security inherent to GUI's. Can't we patch that? Like a GPO setting that disables the ability to select text in a DOS window on a per-user basis, or that disables text selection per-user or per-URL wildcard entry in a list. I bet people would use it if they had it.
Computers - especially networked systems - are inherently insecure. Data breaches and loss should really be expected, frankly. If your data is really that valuable, don't put it on a computer. At least not until OS manufacturers start to take it seriously.
No comments:
Post a Comment