Wal-Mart Spying: Good, Bad, Or Just The Future?
Mel Duvall
Wal-Mart is used to finding its name on the front page of The New York Times and The Wall Street Journal, but in March of 2007 it found itself making news under very different circumstances.
Wal-Mart officially apologized to the Times and retail reporter Michael Barbaro after a member of its internal security organization was found to have secretly taped conversations between Wal-Mart employees and the Times reporter. Not only did Wal-Mart apologize to the reporter, chief executive H. Lee Scott phoned the chief executive of The New York Times to personally offer an explanation and convey the information that the technician involved, who had 19 years with the company, as well as a supervisor, had been fired.
But the matter did not end there. Weeks later, the fired technician, Bruce Gabbard, went public, telling The Wall Street Journal he was part of a larger, sophisticated surveillance operation at Wal-Mart. Gabbard said the retailer employs a variety of means, including software that can monitor every key stroke on the retailer’s network, to keep tabs not only on employees but also on its board of directors, stockholders, critics of the company, and in at least one instance, on a consultant, McKinsey & Co.
Wal-Mart later denied some of Gabbard’s allegations, in particular statements made that Wal-Mart had spied on its own directors as well as shareholders, but the incident cast a spotlight on the retailer’s normally secretive security organization. McKinsey & Co. was contacted by CIOZone to confirm Gabbard’s statement that Wal-Mart spied on its consultants, but spokesman Mark Garrett said because of the confidential nature of McKinsey’s work with clients, the firm declined to comment.
Kenneth Senser, a former top official at the CIA, heads the company’s global security operations. His lieutenants include a number of former government and defense department security specialists. David Harrison, a former member of US Army Special Operations Command, heads the company’s analytic research center, which has a mandate to identify threats from suspect individuals and groups. Joseph Lewis, a 27-year FBI veteran, heads corporate investigations. And Steve Dozier, former director of the Arkansas State Police, is a VP in charge of corporate investigative services.
It is not unusual for Fortune 500 companies to hire law enforcement or intelligence experts for their security departments, but Wal-Mart actively recruits those with military or intelligence backgrounds. Last March it posted ads on its Web site and on sites for security professionals for “global threat analysts” with backgrounds in government or military intelligence.
“Like most major corporations, it is our corporate responsibility to have systems in place, including software systems, to monitor threats to our network, intellectual property and our people,” Wal-Mart spokeswoman Sarah Clark said in a statement in April. Following the Gabbard firing, Wal-Mart said it conducted a review of its monitoring activities. “There have been changes in leadership, and we have strengthened our practices and protocols in this area,” Clark said.
When contacted by CIOZone, Wal-Mart spokesman John Simley restated that the company monitors threats using a variety of techniques, as would any company its size. “Every company has an obligation to its shareholders and to its employees to ensure that its information isn’t compromised,” Simley said. Simley would not, however, provide details on the security department reorganization.
To be fair, Wal-Mart is not the only company involved in a spying controversy. Other high-profile corporate spying incidents have drawn public attention to the fact that companies are using an increasing array of methods to snoop on, or monitor as is the preferred term, the everyday activities of employees, suppliers and customers on their networks.
In December a researcher in the anti-spyware unit of Computer Associates revealed that Sears Holdings Corp. had installed spyware software in a program offered to customers via its “My SHC Community” shopping network that allowed Sears to track its members’ online browsing behavior.
Sears says it does disclose the tracking software in a privacy statement, but Harvard Business School assistant professor Ben Edelman has criticized the retailer, saying the disclosure is difficult to find and consumers rarely read such statements.
Boeing was the subject of a Seattle Post Intelligencer investigative story in November, which questioned its monitoring activities, including the reading of emails and videotaping of employees. Boeing spokesman Tim Neale said when employees log on to the corporate network they are fully informed that their activities are being monitored. He said only authorized personnel have the capability to monitor corporate systems and they do so only when they have reason to suspect abuse or misuse. “For example, it is against company policy for an employee to use company systems to run his or her own business,” Neale said. “Of course, it is also against company policy to share proprietary information with parties outside the company, unless authorized by management to do so.”
And, in probably the most publicized example, Hewlett-Packard found itself in hot water with California regulators in 2006 after it initiated an investigation of its own board of directors to discover the source of leaks to the media. The investigation included monitoring of emails and instant messages, as well as using illegal means to obtain telephone records of employees and journalists. The company was ordered to pay $14.5 million in fines and bring its internal investigations into compliance with California laws.
Most employees have now come to expect that their activities on corporate computers are being monitored to a certain degree.
But in 2008 CIOs will be increasingly drawn into discussions about who should be in charge of monitoring employees, what software tools should be deployed to protect corporate resources, and which electronic activities corporations should or shouldn’t watch. “There used to be an argument over whether we should be doing this at all,” says Alan Paller, director of research at the SANS Institute, an industry-sponsored research group and computer security training body. “It rarely comes up as an issue any more.”
David Zweig, an associate professor of organizational behavior with the Rotman School of Management at the University of Toronto who has written books on the issue of workplace monitoring, says that it is now believed close to 75% of employers have some form of electronic monitoring in the workplace.
Zweig is not against monitoring. He believes in today’s environment, where companies face a wide range of internal and external threats, some levels of monitoring are necessary. However, he believes the monitoring should be in relation to the risk, and that companies need to do more to inform employees exactly how they are being monitored and why. “If you give people a rational explanation for monitoring, they will at least see why the company is doing it,” he says. “But you should be open and inform them exactly how it’s being done and what controls are in place.
“It’s easy to monitor—it’s much more difficult to develop proper controls and processes,” he says.
Ira Winkler, president of Internet Security Advisors Group of Baltimore, Md., and author of books such as “Spies Among Us” and “Zen and the Art of Information Security,” doesn’t believe in coddling employees with lengthy disclosures and explanations for why monitoring is taking place. “Get over it. Companies need to protect themselves,” says Winkler. “The fact is nobody should have any expectations of privacy when they’re using the company’s computers.”
In fact, Winkler advocates companies apply a blanket approach to security and use of the Internet in particular. Simply tell employees or suppliers accessing a corporation’s network, they are being monitored and non-approved activities will not be tolerated. End of story.
Is that fair? “I think it’s totally fair,” he says. “If I want to go shop on eBay or download porn on a company computer, that’s my stupidity, not the company’s,” he says.
For many organizations the line will probably be drawn somewhere between Zweig’s and Winkler’s viewpoints. But what is clear is that a mounting body of evidence points to the need for network monitoring against a wider definition of internal and external threats.
As the world’s largest retailer, Wal-Mart does often find itself a target for a wide range of protests and potential security threats. Its stores have been targeted by groups who feel its low wages contribute to the working poor and it has been the subject of frequent union protests over its healthcare policies. In December alone, Wal-Mart stores were evacuated for periods of time after bomb threats were reported at stores in Somersworth, NH, Noblesville, Ind., Viera, Fla., Fruitland, Md., Fayetteville, Ark., Garden City, Kan., and Halifax, Nova Scotia.
At a gathering of security specialists in New York City in January of 2006, David Harrison, the former Army military intelligence officer who was hired by Senser to head Wal-Mart’s analytical security research center, provided a rare glimpse into the company’s monitoring operations. Harrison told the gathering Wal-Mart faces a wide range of threats: “A bombing in China, an armed robbery in Brazil, an armed robbery in Las Vegas, another bomb threat, and that was just yesterday,” Harrison said.
To safeguard its employees and operations Wal-Mart has tapped its massive data warehouse of information, now believed to be larger than 4 petabytes (4,000 terabytes), to look for potential threats. It tracks customers who buy propane tanks, for example, or anyone who has fraudulently cashed a check, or anyone making bulk purchases of pre-paid cell phones, which could be tied to criminal activities. “If you try to buy more than three cell phones at one time, it will be tracked,” he reportedly told the audience.
When CIOZone contacted Wal-Mart for comment on this story, the company said it would not provide further information or make its security officials available for interviews. It did not dispute Harrison’s reported statements.
But, according to one report, Kenneth Senser, the senior vice president of global security, aviation and travel, is in charge of an apparatus that spans the company’s global operations. Senser oversees a department with about 400 employees, according to an interview he gave last March to The New York Times. Heads of the company’s crisis management, investigative services, the analytical research center headed by Harrison, as well as individual departments assigned to address corporate fraud, security of the company’s headquarters in Fayetteville, Ark., and protection of the company’s top executives, all report directly or indirectly to Senser.
In its advertisements for “global threat analysts” last spring, the job description included collecting information from professional contacts and public data to assess threats coming from “world events, regional/national security climates, and suspect individuals and groups.”
Gabbard, the Wal-Mart employee fired for recording reporters’ phone calls, said in his interview with The Wall Street Journal that Wal-Mart uses software from Raytheon Oakley Networks to monitor activity on its network. The Oakley product was originally developed for the US Department of Defense.
The Oakley software is so sophisticated it can allow administrators to visually see what types of information are moving across the network, from Excel spreadsheets to job searches on Monster.com, or photos with flesh tones that might indicate a user is viewing pornography.
Tom Bennett, senior vice president of Raytheon Oakley Networks, would not reveal the company’s customers other than the US Department of Defense. However, the company does note its customers include 10 of the Fortune 100, including top US retailers and manufacturers.
SOMETHING TO FEAR
There are good reasons why companies are turning to increasingly sophisticated monitoring tools. Some studies, such as one conducted in 2006 by the FBI, suggest as much as 70 percent of attacks originate from within an organization.
Not only that, but the definition of what constitutes an insider has changed. Companies now open up their corporate networks to a wide range of suppliers, consultants and customers, and that in turn opens up new avenues for security breaches and data leakage.
Consider some of the higher profile network security breaches of the past year:
- Oracle sued rival SAP in March, alleging that employees of an SAP operating unit called TomorrowNow, based in Bryan, Texas, stole proprietary information from Oracle’s network. In its suit Oracle claims that TomorrowNow employees used “the log-in credentials of Oracle customers with expired or soon-to-expire support rights,” and then “accessed and copied thousands of individual software and support materials.” Oracle alleges SAP then used the materials to offer “cut-rate” support deals to Oracle clients. In a statement, SAP responded to the suit by saying TomorrowNow was authorized to download materials from Oracle’s Web site on behalf of TomorrowNow customers. It says it will defend the lawsuits in hearings expected to resume in US District Court in San Francisco early this year.
- Formula One racing team McLaren Group was fined $100 million last September and excluded from the 2007 Constructors’ Championship, after it was revealed a former Ferrari employee took designs for special gases with him when he defected to McLaren. Ferrari was able to finger the culprit because it had deployed software from Verdasys of Waltham, Mass., which allows it to track individuals that access certain files.
- WestJet Airlines, a Canadian discount airline, was forced to issue an apology in May 2006 to rival Air Canada and pay a $15.5 million penalty, after it admitted members of its management team accessed a password-protected Air Canada employee Web site and downloaded competitive data. The WestJet employees used the Air Canada Web site to obtain detailed information on Air Canada flight loads.
Keith Rice, a vice president with the Threat Detection Engineering Group at Bank of America, notes that an insider may, in fact, be a partner working on critical application development overseas. “One thing we’re running into now is we’ve outsourced a lot of development to India and other locations,” says Rice. “We have very strict contractual rules in place, that state what they can do, what they cannot do, and what they must have installed on their networks. But that creates whole new issues for us.”
“It’s a constant battle,” adds Bruce Valentine, senior vice president in treasury management at Comerica Bank. Valentine is responsible for ensuring the security of the bank’s e-commerce and other customer facing applications. “We have what everyone wants - money. And data is the key to that money,” says Valentine. In today’s competitive banking environment, you have to open up your networks to customers, says Valentine, but that means you have to put systems in place to manage the risk.
Keith Carter, executive director of materials management systems with Estée Lauder, agrees that companies have to accept a certain amount of risk or trust when dealing with partners and suppliers. But, he says, that doesn’t mean blind trust. He shared a recent example of data leakage at a security conference in Palo Alto in November. Estée Lauder had designed a counter poster display it wanted to use in stores with its Bobbi Brown cosmetic line. “One of our competitors came out with it a month earlier, because the photographer, in this case, showed it to the competitor as a sample [of their work]. We couldn’t use it any longer, because we didn’t want to look like we were the ones who copied the idea,” says Carter.
In this case, the company ended its relationship with the photographer, but Carter says the incident demonstrates how easily competitive data can leak out of an organization without proper controls in place. It also demonstrates the kind of analysis companies need to perform to determine what types of data or files need to be protected.
CONTROLS REQUIRED
The consensus seems to be that in today’s environment, where corporate networks are increasingly exposed to insider and outside threats, companies must protect their data by putting controls, policies, and systems in place to monitor activity.
But if you accept it as a necessary evil, how do you go about putting systems and policies in place, and making sure employees, partners and suppliers abide by those policies?
“When we hear people tell horror stories, so often the breakdown is in the area of communication,” says Robin Ruefle, a member of the technical staff at the Carnegie Mellon Software Engineering Institute Computer Emergency Response Team (CERT).
“The right people didn’t get told in the right time frame, the information didn’t get to the right people who could effect change, people didn’t know what the right policies or procedures were . . . there’s a breakdown in process.” Ruefle’s team is involved in developing security best practices for organizations, including creating Computer Security Incident Response Teams (CSIRTs) to respond to security incidents as they happen.
“A lot of people think it’s just about technology, but really, developing and having the right processes in place is critical,” says Ruefle. “It’s about being prepared. What’s your plan? Who’s involved? Do they know what to do when something’s happened? Do they know what the policies and procedures are? Do they know how to escalate?
“Having those processes in place, along with the right education, is key.”
Zweig, the associate professor of organizational behavior with the Rotman School of Management at the University of Toronto, says while monitoring may be a necessary evil, companies should resist the temptation of putting in systems that go beyond what is necessary.
He says there is a line that can be drawn between benign monitoring and intrusive, and Wal-Mart has crossed that line. “If you have to use a stick, make sure the stick is in relation to the behavior you’re trying to stop,” says Zweig. “People are going to rebel against the constant monitoring, and you know, Wal-Mart is going to reap what they sow.”