Opinion

Security Think Tank: Snowden leaks highlight a common business vulnerability

The Snowden revelations have highlighted the insider threat risk and challenges around control of users, auditing, behaviour tracking, data egress and admin privileges. 

These are real problems for businesses. Even the most secure and savvy business is exposed to these types of threat, as the National Security Agency (NSA) has shown. 


It also highlights that data flows and communications are at risk from the intelligence activities of domestic and international governments. For the most part, this can be viewed as unsurprising and mostly benign, yet it underlines the need to think carefully about data storage locations, interfaces with trading partners, flows (especially international ones), and even the ownership and structure of corporations.  

This may increase the prevalence of encryption technology, with its associated management overheads and user and systems impacts, but encryption will not necessarily safeguard against poor password choice, poor key management or other exploits.

Open source software is often touted as being the solution to supplier lock-in and government influence on code exposures – and to an extent this is also true.

However, open source code, while exposed to scrutiny, is not immune to security bugs and weaknesses, and its open nature means these can be just as damaging as the equivalent weaknesses in proprietary code.

Expertise and skill in navigating these complex issues are key for businesses to be able to adopt an effective defensive stance, rather than a newspaper-inspired knee-jerk reaction strategy.


Piers Wilson is director of the Institute of Information Security Professionals (IISP).


This was first published in January 2014

 
