International Multisite Company - Keeping Documents away from Internet servers IMPOSSIBLE!
I'm reading a lot of comments here, about how Boeing should keep their documents away from internet accessible servers. Well I'd love to know how you can do that when you're an international multi-site company.
I don't work for Boeing but I work for another International multisite company. I work on part of the design here in Germany, colleagues in the UK and France work on other sections, we all need to collaborate on the CAD models and documentation. Yes, the servers are secured, with all the usual jazz, but the fact is we all need to access to that data, and that means there is ZERO chance that we could run this company with all of the data locked away on servers with no access to the internet! Should we be sending that data around the world with memory sticks? Should every single worker in the firm be on a machine that has no access to the internet? Probably we should get rid of email as well, right, because that's an internet facing server?
In this day and age, it is not possible to run a multinational firm, or even a multi site one, without pretty much every computer having a potential internet presence. All you can do is attempt to lock down permissions enough that if someone is compromised that the level of compromise is negligible. And have the systems in place to quickly notice when a system is compromised.
From this article it appears, this guy identified the location of servers and the names of people to be targeted for phishing. Externals did the actual hacking. That would have made it harder for detection of the compromised information, as the hackers could zero in quickly to where they wanted to go. Still 3 years is a long time to get away with this. So Boeing needs stronger detection strength, but in the modern world you cant get away from having internet accessible computers. So accusing Boeing of being foolish for this, is just wrong.