Last week’s thorough coverage of the NSA activity, PRISM and Snowden’s leak of information shines a light on a part of security that all too often may get overlooked – that of protecting against the insider threat – whether malicious or unintended. Sure, there are all kinds of story angles that are being covered on the story ranging from privacy and politics and security and storage to expatriates and extradition, but what interested me the most is the security aspect and the insider threat.
Just look at history – Terry Childs, Robert Hanssen, Hanjuan Jin and Bradley Manning, who is currently on trial – they all were insiders who need to be allowed to do their jobs. But what they had access to and what they could do with that information should have been controlled and monitored so the insider threat is managed.
In the Snowden case, we’re looking at an insider who apparently had ultimate privilege as an IT administrator or analyst – someone who had the “keys to the kingdom.” This demonstrates the reason to control privileged user access and limit and monitor their actions.
In an interview with The Guardian, Snowden explained:
When you’re in positions of privileged access like a systems administrator for these sort of intelligence agencies, you’re exposed to a lot more information on a broader scale than the average employee… Anybody in the positions of access with the technical capabilities I had could, you know, suck out secrets.
Any organization using technology to do business deals with this challenge – whether it’s an enterprise and the in-house IT staff, the government using federal employees or civilian contractors to manage its systems, or the IT staff of a cloud provider delivering services to companies around the globe. How does an organization manage those IT administrators with privilege while still enabling them to efficiently and cost-effectively do their jobs – and do it when “policing its own” is the last thing the IT team wants to do? How can security be improved to help protect against the ultimate insider threat?
Here are a few tips that will help protect against leaks:
- Implement the principle of “least privilege.” It’s possible that Snowden needed access to all of the files that he accessed and leaked, but it’s also possible that he had no need for those privileges at all. Organizations must define what people truly need access to in order to do their job, limit access to that, and enforce the practice of “least privilege.”
- Ensure segregation of duties. For example, a privileged user should not be able to initiate a transaction and approve the same transaction.
- Monitor what the privileged users are doing so any person considering doing something wrong knows that they will get caught. (Although in some instances, this still may not deter someone with malicious intentions).
- Finally, and perhaps most important as this could have helped prevent data collection by Snowden and Manning, is to control what the privileged user can do with the data and information he or she can access. For example, index content so that it cannot be put on a thumb drive or emailed outside the organization.