Is Your Organisation Edward Snowden Proof?

It’s likely Ed Snowden couldn’t have dreamed of a better reaction to his work. Since leaking the extent of intelligence gathered by the US government through the NSA, his story has dominated headlines on both sides of the Atlantic, making him both a cult figure and a wanted fugitive.

But the cult of Ed Snowden is not what really requires attention here. Regardless of whether it’s in the ‘public interest’ or not, no single person should be able to manipulate top-secret applications. With the right measures in place, the likes of Ed Snowden wouldn’t have a story to tell – and by extension, bodies like PRISM would hold less of your personal data too.

Unrestricted access

Initial reactions to this story were to debate whether Snowden really had the power he claimed to have. Could he really have “shut down” the NSA? Logic states this is highly unlikely. It’s a big leap from stealing classified PowerPoint slides to wire-tapping phones and accessing dossiers for spies and other agency personnel. And surely, the NSA would have segmented the access it gave to any data deemed sensitive or in any way risky. If it did not, then it’s a significant oversight that should serve as a stark warning to other organisations sitting on supposed ‘secret’ material.

The great unknown

Many people have access to confidential documents within their own company, but they shouldn’t be allowed to change how the network runs. In the case of Ed Snowden, he may have had access to sensitive PowerPoint slides, but may not necessarily have had control of all the other systems needed to bring an organisation to its knees.

This remains the great unknown of this case; we don’t know how broad the leak really was. Determining that will depend on how the network and the systems within the NSA are segmented and monitored. It is highly probable, however, that NSA employers will be able to track all of Snowden’s access to the network and its systems.

Monitoring administrators is an important part of operational security, and with the right engine in place managers should be able to view individual applications accessed specifically by Ed Snowden. I would be very surprised if his employers did not have full records on this access.

Changing mindsets

From a national security point of view, the post-mortem of Snowden’s leak is where attention should be most keenly focused, to determine the veracity of his statements. But if the claims turn out to be true, it does not automatically mean that other organisations are prone to the same breaches.

Generally speaking, the more powerful an application is, the more tightly it is segmented, monitored, and controlled. The same is true of security administrators themselves. The more power they are provided, the more their duties need to be segmented, monitored, and controlled.
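
The per-administrator view described above can be sketched as follows. This is an added example, not code from the article or from any product: it builds a report of which applications each administrator touched and flags access outside that administrator's duty segment. The log format, user names, application names and segment map are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: "timestamp user application action", one record per line.
SAMPLE_LOG = """\
2013-05-01T09:02:11Z admin_a backup-console login
2013-05-01T09:15:40Z admin_a file-share read
2013-05-01T09:16:02Z admin_b hr-records read
2013-05-01T22:41:09Z admin_a hr-records read
2013-05-01T22:43:55Z admin_a key-vault export
2013-05-02T08:00:00Z admin_b hr-records write
malformed line
"""

# Hypothetical duty segments: the applications each administrator's role covers.
SEGMENTS = {
    "admin_a": {"backup-console", "file-share"},
    "admin_b": {"hr-records"},
}

def parse(log_text):
    """Yield (timestamp, user, app, action); skip lines without exactly four fields."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def access_report(log_text, segments):
    """Return {user: {"apps": {app: count}, "out_of_segment": [(ts, app, action)]}}."""
    report = defaultdict(lambda: {"apps": defaultdict(int), "out_of_segment": []})
    for ts, user, app, action in parse(log_text):
        entry = report[user]
        entry["apps"][app] += 1
        # A user with no defined segment is allowed nothing, so every access is flagged.
        if app not in segments.get(user, set()):
            entry["out_of_segment"].append((ts, app, action))
    return report

if __name__ == "__main__":
    for user, entry in sorted(access_report(SAMPLE_LOG, SEGMENTS).items()):
        print(user, dict(entry["apps"]))
        for ts, app, action in entry["out_of_segment"]:
            print("  OUT OF SEGMENT:", ts, app, action)
```

Treating an administrator with no defined segment as allowed nothing keeps an unmapped account from passing the check silently.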

In the case of Ed Snowden, we have a very privileged administrator accessing very powerful applications – common practice would be to watch him like a hawk. Ultimately the access to sensitive information comes down to company mindset. In many cases, companies simply think of security as blocking attacks as opposed to the process of securing their information.

Blocking the attack is obviously a critical part of the equation, but it has to be tied into the context of the data itself, the applications that serve that data, and the people that use those applications. The NSA leak is a perfect example of what can happen when very powerful applications and powerful users are not controlled sufficiently.

A modern solution to a modern problem

With vast amounts of privileged and sensitive data stored on company networks and pervasive threat vectors that want to steal that data, businesses require a segmented approach to security that monitors all users, content and applications that are present on the network. It’s an approach some companies have been reluctant to grasp but, given the revelations of the past few weeks, the consequences of not taking appropriate measures should be far more of a concern.

Alex Raistrick

Alex Raistrick joined Palo Alto Networks in early 2009 and is responsible for all sales teams in Western Europe (WEUR). In this role, he has extensive experience of working with large enterprise businesses in Europe regarding network security (firewall market, next generation firewalls), general security issues and technology trends. Previously Alex was the Regional Director for Northern Europe at Consentry Networks where he oversaw all sales, technical and marketing activities. Prior to this Alex held various positions at Juniper Networks, Netscreen, Bluecoat and Lucent Technologies. With 20 years’ experience in the IT sector, he has a strong technical understanding and first-rate business insight. Alex is well known in the Investment Banking sector, large financials, EMEA reseller channel and has strong relationships with most major distributors in the region.