Wednesday, December 29, 2010

Access Control - the Fundamental Question

Here's an article by Schneier about access control in the age when we are wondering about transparency of government departments and that of corporate entities.

When access is granted to employees (in flat organisational structures these days employees has more access than they should to information, and, unfortunately, access once given is not revoked) in excess of what they need to do their jobs, there's a particular need to see that information is not leaked out, manipulated or sold.

Most scams have thrived on access the person in power had to information and the control they exercised over it. This very information became their nemesis as disgruntled elements (who didn't get the perverse rewards) squealed on them.

Most scams are discovered because someone who knows let out information. This is not to advocate hoarding of information but to see that transparency and trust exists in organisations and that information access is not manipulated. The whole 2G scam wouldn't have happened if there was a transparent bidding process, likewise the Commonwealth Games scam.

Sad, but true. We work on the concept of crony capitalism where the government and business get together into a comfort zone. The people who are involved are so drunk by their own power (and, oh, so ignorant of modern systems) that they cock a snook at the establishment they have been given to govern.

Hm. More anon.

No comments: