Security Think Tank: Snowden leaks highlight a common business vulnerability



The Snowden revelations have highlighted the insider threat risk and challenges around control of users, auditing, behaviour tracking, data egress and admin privileges. 

These are real problems for businesses. Even the most secure and savvy business is exposed to these types of threat, as the National Security Agency (NSA) has shown. 


It also highlights that data flows and communications are at risk from the intelligence activities of domestic and international governments. For the most part, this can be viewed as unsurprising and mostly benign, yet it underlines the need to think carefully about data storage locations, interfaces with trading partners, flows (especially international ones), and even the ownership and structure of corporations.  

This may increase the prevalence of encryption technology, with its associated management overheads and user and systems impacts, but encryption will not necessarily safeguard against poor password choice, poor key management or other exploits.

Open source software is often touted as being the solution to supplier lock-in and government influence on code exposures – and to an extent this is also true.

However, open source code, while exposed to scrutiny, is not immune to security bugs and weaknesses, and its open nature means these can be just as damaging as the equivalent weaknesses in proprietary code.

Expertise and skill in navigating these complex issues are key for businesses to be able to adopt an effective defensive stance, rather than a newspaper-inspired knee-jerk reaction strategy.

Piers Wilson is director of the Institute of Information Security Professionals (IISP).


This was first published in January 2014

