Posts Tagged ‘whrrl’
To make it clear I’m not speaking of the information being broadcast by employees to social media, I’ve been musing on the risks of Data Leakage Prevention (DLP) of third party employees such as consultants using geolocation services such as foursquare, brightkite or Gowalla. Many companies – very usual with consulting companies – have requirements that their employees do not release the names of customers or customer data to the media, this includes releasing data pertaining to services which are offered, these policies have yet to be fully enforced when it comes to geolocation services.
For a consulting company, such as mine, which has a reasonably diverse offering of security software to customers, yet for a company who is known as a RSA, Oracle or Novell integrator it can create risk vectors when it is known that their in house software leans towards a specific platform. In this way it could become public knowledge that a company uses a specific product, and based on the date of the visits information pertaining to versions can be inferred.
Naturally posting the geolocation to a service such as foursquare doesn’t necessarily open security holes, and it may not violate the standard of “Due Care” in that it is not necessarily negligent to release this information. Although it might not be in the best interest of the customer to make this public knowledge.
On the other had there is also an advantage to be had, in any cases of disputes a travel log like an entry log can be produced as corroborating evidence, although without direct evidence this merely proves where the physical access control device was and not the location of the disputed individual. And only circumstantially where the owner was located.
Image source: me