Enterprise security Gattaca style

It's good to know that Microsoft is addressing the security issues posed by USB key drives at work by giving IT admins the ability to prevent their connection to work PCs. Unfortunately that won't be available until the 2006 Longhorn release of Windows, which means in reality that it probably won't be widely available until 2007. Given the glacial rate of turnover for office PCs, especially the lowly ones given to "non-essential" staff, i.e. everyone except the sales force (smirk), perhaps by 2010 maybe 50% of all office PCs will be secure. Until then darlings, gather ye corporate secrets while ye may.

Of course the big issue with such problems is that no one at Microsoft appears to have even considered it as an issue until years after USB connectors started appearing on PCs. I mean, come on guys - you put a very high speed connection to the PC bus exposed on the outside of the box and let any user - even a "Guest" account user - plug in a device and start copying at will. Doh. How about locking down the CD and DVD burner that is becoming standard on all new PCs? And what about the VPN-connected remote user who is copying and pasting your secrets onto his home machine? Really, the VPN is a huge security hole waiting to happen.

And when all conventional holes are plugged up I have a few unconventional ones - how about running a little program on your PC that converts all your company secrets to a conventional audio stream and then plugging a recording device into the PC's audio jack? Old-timers will know such a tape-based scheme could easily achieve oh, at least 1200 baud; with modern digital recording I'm sure it could manage much, much higher rates.

So then the audio jack is removed from your PC - after all, the bosses don't want you listening to music at work. Then what? Well, how about a little program that takes over a small piece of your screen and digitizes the company secrets to a rapidly changing 2D barcode pattern. Place a small optical scanner up to the screen and just suck the secrets in that way. Synced with the screen's 60+ Hz refresh rate, one could easily imagine ripping up to a megabit per second of data that way.

Or how about this - use steganographic techniques to add little extra pixels of information to conventional text printouts. Anyone inspecting such printouts will see just plain old text totally unrelated to the actual subject matter encoded within it. A 100 page printout could easily conceal a few million bits of information.

Well, those may be far-fetched, but really I'm just trying to say that where there is a will there is a way, and those intent on stealing the company secrets will eventually find and exploit it.

But for conventional information leakage it seems like new ways to leak information are springing up as fast as companies like Microsoft try to lock them down. Real data security needs to go much deeper, right down to the OS, device and hardware level. That is what Microsoft is trying to do with some of its much rumoured Longhorn and post-Longhorn technologies. So maybe, just maybe, the world's supposedly #1 supplier of operating systems to business users might catch up with the casual disgruntled employee who, the day he is laid off, wants to rip off the source code for the company's entire product line - just because he can.

If the logical progression toward fear and paranoia continues to evolve in the workplace then perhaps by about 2050 the workplace will start to resemble that from the 1997 movie "Gattaca". In Gattaca workers file in past a blood-based DNA identification, and on to their identical workstations arranged like a 1950s typing pool with just a keyboard and monitor exposed on each desk. Each keystroke is monitored and the boss wanders around menacingly, checking over the shoulders of his minions lest they pause for a minute to contemplate their lot. Just to keep them on their toes, random urine and blood-based DNA and drug checks are held.

If I were designing the Gattaca secure workplace I'd improve things somewhat by building a tiny DNA-sensing vacuum right into the keyboard, so that as human detritus flakes from the hapless workers' fingers they are continuously monitored to ensure the user is who he is supposed to be. In fact you might just as well plumb the worker directly into the computer intravenously and continuously monitor his blood...

