Espionage, Corporate or Government?

Recently, the comment was made in a SANS newsletter (awesome job guys, keep it up) that US government/commercial relations (Patriot Act or no) affect who does business in the US.

Editor’s Note (Pescatore): Of course, this is very much a two-way
street. Many non-US companies see the Patriot Act as meaning that
US-based technology services are government influenced and would put
customer data at risk.

Let’s get real for a moment.  If you think that any sizable nation, say G20, isn’t abusing it’s ability at both the government and corporate level to obtain advantage of some sort, you are sadly out of touch with reality.  The commingling of commercial and government interests goes back to the dawn of spying.  While the majority of business and government goes unmolested (in our humble opinion) anything of “strategic” value, as defined by people with little or no oversight, is likely polluted and pilfered at will.  I’m sure it’s all done in a very professional manner, or companies would shutter their doors, but it’s done.

So when “some unnamed large company” comes to town, they are both target and suspect.  If you have intellectual property you’d like to keep secret, you’d better do a good job of it.  And if you want to business in their home turf, you’d better do a good job of it.

While the spooks would love to be the ones holding the “no more secrets” card, as of today, we’re all still safe, provided we use quality encryption, and don’t screw up our practices.  If you send your sales people to a foreign land with all your pricing and customer data on an unencrypted laptop, you don’t deserve what you’ll get, but you sure deserve a swift kick in the profit centers.

Encryption and travel protocols are just part of the game now.  Keep up or get out.