Today, organizations across the country are struggling to keep their data secure. In an interview with the Modern Network on April 24, Matt Keller, Vice President of Federal Services at GuidePoint Security, explained “that the single largest challenge faced by defense and intelligence agencies is protecting their data from both external and insider threats. Information security is a top priority for both agencies as well as other organizations because of a common characteristic: they are all at risk for data leakage.”
Some environments are more vulnerable to data disclosure, whether from an external hacker publishing their findings on Pastebin or from other forms of disclosure. On the other hand, the Trusted Insider is what threatens the Federal Government’s networks. Since Bradley Manning released information to WikiLeaks in 2010, the Federal Government has heightened its awareness of the Insider Threat. This became even more compelling in May 2013, when Edward Snowden released highly classified data about the United States and its Allies. In 2011, President Obama signed Executive Order 13587, which states that the Federal Government made a commitment to “Improve the Security of Classified Networks”. This has put strain on the Federal Government to secure the data while still allowing Intel Analysts to collaborate on information. The lack of collaboration was the finding of the 9/11 Commission, and the Federal Government is still working to tear down these stovepipes.
Creating an environment that enables the workforce to collaborate freely while also keeping data secure is important. Data security is critical not only for the US Government but also for individual organizations. The trend of the Trusted Insider releasing information to competitors and/or the public is concerning, and the answer isn’t to lock up the sensitive data and toss the keys. To avoid the throw-away-the-key mentality, it’s important to understand the problem and, thus, how to address it. The tricky part is granting access to the data while also monitoring the user who is accessing it. Doing both allows timely access to the data while the data stays secure across the network. Other options to protect the data from improper disclosure include deploying a comprehensive security solution to monitor the user, accessing devices only on a host computer, and granting authentication and authorization based on a user’s role. “And it is worth noting that today’s mobile workforce extends into the intelligence and defense communities, where they require delivery of all sorts of information to the edge, including to the warfighter in the field. By employing available Suite B encryption solutions and other applications, it is possible to share secure communications to wireless and wired network endpoints,” said Matt Keller to the Modern Network.
A typical System Administrator like Edward Snowden should never have had access to the data on the servers for which he was conducting maintenance. Unfortunately, this practice is typical across all organizations: most system admins have direct access to the information. However, a system admin should only have access to the application and operating system. If applications were designed correctly, then the user would have access to the information while the system admin would only be able to access the operating system and application hosting the data. Creating this ability across an enterprise is costly and usually ineffective because most applications don’t allow for Role-based Access Controls (RBAC) and Attribute-based Access Controls (ABAC). Most systems deploy a solution with only a few roles defined within an RBAC or ABAC system, thus requiring authorization and authentication of a user before he or she can access the data via different means. Typically this is done by single sign-on or username and password. Both of these methods are useful but don’t guarantee that a user is who they state they are, since usernames and passwords can be compromised.
In order to enable a secure data-sharing environment, the recommendation is to create an experience for the user that is seamless, while also giving high integrity to the user’s authorization and authentication. Utilizing PKI certificates across Government networks allows users to access the data they need while also providing high confidence that the data won’t be compromised by the Trusted Insider. The ability to deploy user identity to the network is key to keeping the data secure and available, as is the ability to tag the data. If data is tagged correctly, then a user will be less able to gain access to the information unless they are granted access on a need-to-know basis. This type of function allows PKI certificates to be enabled with attributes that keep the information secure and possibly inaccessible to the system administrator.
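The separation described above, between a system administrator's access to the operating system and application and a user's need-to-know access to tagged data, can be sketched as an attribute-based access decision. This is an added example, not code from GuidePoint Security or any product; the attribute names, clearance levels, tags and sample subjects are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed model: attribute names, levels and tags are illustrative assumptions.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}

@dataclass(frozen=True)
class CertAttributes:
    """Attributes assumed to be bound to the user's PKI certificate."""
    subject: str
    role: str                          # "analyst" or "sysadmin"
    clearance: str
    need_to_know: frozenset = frozenset()

@dataclass(frozen=True)
class Resource:
    name: str
    layer: str                         # "os", "application" or "data"
    classification: str = "UNCLASSIFIED"
    tags: frozenset = frozenset()      # tags applied to the data

AUDIT_LOG = []  # every decision is recorded so user access can be monitored

def decide(user, resource):
    """Return (allowed, reason) and record the decision in AUDIT_LOG."""
    if resource.layer in ("os", "application"):
        # Maintaining the hosting stack depends on role alone.
        allowed = user.role == "sysadmin"
        reason = "maintenance role" if allowed else "not a system administrator"
    elif LEVELS[user.clearance] < LEVELS[resource.classification]:
        allowed, reason = False, "clearance below data classification"
    elif not resource.tags <= user.need_to_know:
        missing = ",".join(sorted(resource.tags - user.need_to_know))
        allowed, reason = False, "no need-to-know for " + missing
    else:
        # Data access never consults the role, so admin rights grant nothing here.
        allowed, reason = True, "clearance and need-to-know satisfied"
    AUDIT_LOG.append((user.subject, resource.name, allowed, reason))
    return allowed, reason

# Constructed sample subjects and resources.
ANALYST = CertAttributes("analyst-01", "analyst", "TOP SECRET", frozenset({"PROJECT-A"}))
ADMIN = CertAttributes("admin-01", "sysadmin", "TOP SECRET")
HOST_OS = Resource("db-host-os", "os")
REPORT = Resource("report-17", "data", "TOP SECRET", frozenset({"PROJECT-A"}))

if __name__ == "__main__":
    for who in (ANALYST, ADMIN):
        for what in (HOST_OS, REPORT):
            print(who.subject, what.name, decide(who, what))
```

The administrator holds the same clearance as the analyst but is still denied the tagged report, and every allow or deny lands in the audit log for monitoring.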
For more information on Data Protection and Information Sharing, join Matt Keller, Vice President of Federal Services from GuidePoint Security on Tuesday, May 27 at 12-1pm for a Federal executive forum on WTOP. They will discuss the priorities, challenges, and barriers of information sharing in the Federal Government along with a vision for the future of secure data sharing.