The reason why the government gets it right with classifying data is because there’s an actual incentive too… starting with one year in jail!

Interesting about ssh port forwarding and what is basically looking at covert channels. I’d love to work in a larger campus and get a chance to play with mitigating those issues on the network.

Data classification….man. The only place that does this well is the gov’t, and really only because they’ve been doing it for many, many decades. Even smaller companies like mine find it impossible to try to classify and protect data and get mgmt buyin and employee support for it. I can’t even imagine it in a larger company. We can do a lot of lip service the “analyst way” by spouting best practices and we can try to make a dent, but I really truly believe no company has a handle on their data except in maybe a very broad stroke. “Uhh, everything is classified,” or “All emails should not be considered private…” and other such nonsense that isn’t accurate anyhow. Unless someone is looking at and classifying the data manually to some high degree or users are accurately classifying their own information, it’s just not gonna happen. Besides, companies have their product and their profits to worry about and spend money on… :(

Hell, it’s hard enough to get people to delete shit let alone classify it properly. It’s crazy how much information clogs up the network devices and backups and systems like so much cholesterol in a McDonald’s junky. :(