
How Edward Snowden Will Change Your IT Admin’s Job

by on June 13, 2013

Edward Snowden, the self-proclaimed source of the U.S. government’s classified information, was not a high-ranking official or a top-level CIA operative. He was a contracted IT systems administrator who received a high-level security clearance only because he was responsible for maintaining systems that held classified information. The security clearance and the administrative accounts he was granted gave him full access to look at the data on these systems, but according to public reports he was not part of any specific team that needed access to the data. Therein lies the problem: delegation of authority was not set up to limit data access to the users who really needed to see the data and to restrict Edward Snowden, who only needed to manage the systems the data resided on.

Not every environment houses top secret classified government information, but there is almost certainly some intellectual property or financial information that only a select few in your organization really need to access. Administrators have historically been granted the keys to the castle in order to keep systems up and running, and are rarely restricted at the data level. Here are a few steps you can take to prevent your most valued assets from being leaked or stolen:

  • Separation of duties – All users, regardless of role, should have the fewest network privileges that still allow them to perform their job functions. Most data leakage or unauthorized access comes from within. People are curious, and if they are able to access one file share, they may try to access another just to see if they can. Accidental behavior can also lead to loss. Users who need administrative rights to perform tasks should be assigned a separate administrative account. Activity on this account (logon/logoff, resource access, etc.) should be audited.
  • One-time use passwords – The best method for monitoring administrative accounts is to put in place a system that generates one-time use passwords: whenever someone needs to perform an administrative task, they request a new one-time use password that expires after use.
  • Application security – You should have separate authentication for applications that host critical data. Although convenient, Active Directory credential pass-through puts your data at risk.
  • Rights management and auditing – Restrict access to data based on the user’s role, and make sure that both your structured and unstructured data have systems that monitor usage. Unstructured data refers to files stored on network file shares that are not indexed in a database or by some other application. Monitoring file access behavior can help prevent unwanted access and identify irregular activity.
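
One way to combine the separate administrative account and file-access monitoring steps above, shown as an added example that is not from the original post: a review of file-share audit records that flags data-level reads by accounts whose role does not entitle them to that share. The log format, account names, share paths, entitlement map and threshold are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit records (timestamp, account, action, path); not real logs.
SAMPLE_LOG = """\
2013-06-10T09:02:11,jdoe,READ,/shares/finance/q2-forecast.xlsx
2013-06-10T09:05:40,adm-esmith,ACL_CHANGE,/shares/finance
2013-06-10T22:14:03,adm-esmith,READ,/shares/finance/q2-forecast.xlsx
2013-06-10T22:15:27,adm-esmith,READ,/shares/legal/contracts/acme.pdf
2013-06-10T22:16:02,adm-esmith,READ,/shares/research/design-notes.docx
2013-06-11T08:30:00,mlee,READ,/shares/legal/contracts/acme.pdf
2013-06-11T08:31:00,mlee,READ,/shares/finance/q2-forecast.xlsx
"""

# Hypothetical policy: shares each account's role may read data from.
# The admin account manages every share but is entitled to read none of the data.
DATA_ENTITLEMENTS = {"jdoe": {"finance"}, "mlee": {"legal"}, "adm-esmith": set()}
DATA_ACTIONS = {"READ", "COPY"}   # data-level access, as opposed to management
BREADTH_THRESHOLD = 3             # distinct unentitled shares before escalation


def share_of(path):
    """Return the share name from /shares/<name>/..., or None if not a share path."""
    parts = path.strip("/").split("/")
    return parts[1] if len(parts) > 1 and parts[0] == "shares" else None


def review(log_text):
    """Return (findings, accounts_to_escalate) for one batch of audit records."""
    findings, touched = [], defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        ts, account, action, path = row
        share = share_of(path)
        if action not in DATA_ACTIONS or share is None:
            continue  # management actions such as ACL changes are expected
        # Unknown accounts have no entitlements, so they are flagged by default.
        if share in DATA_ENTITLEMENTS.get(account, set()):
            continue
        touched[account].add(share)
        findings.append((ts, account, share, "unentitled-data-access"))
    escalate = sorted(a for a, s in touched.items() if len(s) >= BREADTH_THRESHOLD)
    return findings, escalate
```

Calling `review(SAMPLE_LOG)` leaves the administrator's ACL change alone but reports each of that account's data reads, and escalates the account once it has browsed three shares it has no role on.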

Organizations should deliver regular end-user security awareness training to reinforce corporate policies and to help employees work more safely in their environment. Companies place fiduciary duty on the roles of IT Administrators, but the recent actions of Edward Snowden show they should be looking to change the locks.
