Snowden Actions Shine Light on Insider Threat

Last week’s thorough coverage of the NSA activity, PRISM and Snowden’s leak of information shines a light on a part of security that all too often gets overlooked: protecting against the insider threat, whether malicious or unintended. Sure, the story is being covered from all kinds of angles, ranging from privacy and politics and security and storage to expatriates and extradition, but what interested me the most is the security aspect and the insider threat.

Just look at history – Terry Childs, Robert Hanssen, Hanjuan Jin and Bradley Manning, who is currently on trial – they were all insiders who needed to be allowed to do their jobs. But what they had access to, and what they could do with that information, should have been controlled and monitored so that the insider threat was managed.

In the Snowden case, we’re looking at an insider who apparently had ultimate privilege as an IT administrator or analyst – someone who had the “keys to the kingdom.” This demonstrates the reason to control privileged user access and limit and monitor their actions.

In an interview with The Guardian, Snowden explained:

“When you’re in positions of privileged access like a systems administrator for these sort of intelligence agencies, you’re exposed to a lot more information on a broader scale than the average employee… Anybody in the positions of access with the technical capabilities I had could, you know, suck out secrets.”

Any organization using technology to do business deals with this challenge – whether it’s an enterprise and the in-house IT staff, the government using federal employees or civilian contractors to manage its systems, or the IT staff of a cloud provider delivering services to companies around the globe. How does an organization manage those IT administrators with privilege while still enabling them to efficiently and cost-effectively do their jobs – and do it when “policing its own” is the last thing the IT team wants to do? How can security be improved to help protect against the ultimate insider threat?

Here are a few tips that will help protect against leaks:

- Implement the principle of “least privilege.” It’s possible that Snowden needed access to all of the files that he accessed and leaked, but it’s also possible that he had no need for those privileges at all. Organizations must define what people truly need access to in order to do their job, limit access to that, and enforce the practice of “least privilege.”

- Ensure segregation of duties. For example, a privileged user should not be able to initiate a transaction and approve the same transaction.

- Monitor what the privileged users are doing so any person considering doing something wrong knows that they will get caught. (Although in some instances, this still may not deter someone with malicious intentions.)

- Finally, and perhaps most important, since this could have helped prevent data collection by Snowden and Manning: control what the privileged user can do with the data and information he or she can access. For example, index content so that it cannot be put on a thumb drive or emailed outside the organization.
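
The four tips above can be checked together in a single pass over an audit trail. The sketch below is an added example, not code from the original post or from any CA Technologies product; the users, paths, action names and the entitlement map are all constructed assumptions.

```python
# Added example: all names, paths and events below are constructed assumptions.
ENTITLEMENTS = {  # hypothetical need-to-know map: user -> permitted path prefixes
    "bob": ("/finance/",),
    "carol": ("/finance/",),
    "sysadmin1": ("/infra/",),
}
EGRESS_ACTIONS = {"copy_to_usb", "email_external"}  # assumed action names

EVENTS = [  # constructed audit records, in time order
    {"user": "bob", "action": "initiate", "txn": "T1", "object": "/finance/pay/1"},
    {"user": "bob", "action": "approve", "txn": "T1", "object": "/finance/pay/1"},
    {"user": "bob", "action": "initiate", "txn": "T2", "object": "/finance/pay/2"},
    {"user": "carol", "action": "approve", "txn": "T2", "object": "/finance/pay/2"},
    {"user": "sysadmin1", "action": "read", "object": "/infra/hosts"},
    {"user": "sysadmin1", "action": "read", "object": "/hr/salaries.xlsx"},
    {"user": "sysadmin1", "action": "copy_to_usb", "object": "/hr/salaries.xlsx"},
]


def review(events, entitlements):
    """Return (rule, user, subject) findings for the audit events."""
    findings = []
    initiators = {}  # transaction id -> user who initiated it
    for ev in events:
        user, action, obj = ev["user"], ev["action"], ev["object"]
        # Least privilege: the object must sit under a prefix the user needs.
        # Unknown users have no prefixes, so everything they touch is flagged.
        if not obj.startswith(entitlements.get(user, ())):
            findings.append(("outside_need", user, obj))
        # Segregation of duties: the initiator may not approve the same txn.
        if action == "initiate":
            initiators[ev["txn"]] = user
        elif action == "approve" and initiators.get(ev.get("txn")) == user:
            findings.append(("self_approval", user, ev["txn"]))
        # Data control: any copy to removable media or external mail is reported.
        if action in EGRESS_ACTIONS:
            findings.append(("egress", user, obj))
    return findings


if __name__ == "__main__":
    for finding in review(EVENTS, ENTITLEMENTS):
        print(finding)
```

On the constructed events, the review reports bob approving his own transaction T1, and sysadmin1 reading and then copying an HR file that lies outside the /infra/ scope the role needs.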

Written by

Michael Denning

Mike leads the identity and access management business at CA Technologies. He is responsible for…
