Classified Information but was not Identified as Classified

With the latest information from the inspector general that some emails that Hillary Clinton sent from her private server contained classified information but was not identified as classified.

Ken Westin, Security Analyst for Tripwire says this issue puts a light on the challenges of Shadow IT in Government. Also explains that without direct access to a systems and data, it is difficult to identify sensitive data that has been exposed.

Ken Westin, Security Analyst for Tripwire : 

“Regardless of the politics involved, the issue here outlines challenges of “Shadow IT” either in government or the enterprise. When IT administrators do not have control of, or access to systems and data, it is difficult to identify if sensitive data has been exposed, either directly or indirectly. The classification of data itself can be flawed and it can be difficult to control what data is sent through which systems over time.  The silver lining of the Clinton issue is that there has been increased visibility of the risks of political leaders running their own IT systems. As we saw with Homeland Security Secretary Jeh Johnson this past week, even accessing personal email from work computers could be a security risk. The Secretary’s promise not to access home emails from a government computer reflects stronger policy commitment and detection to mitigate the risks of Shadow IT within the government, particularly amongst senior leaders with access to classified and sensitive data.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]