It is not what Edward Snowden has said that has the United States government and its National Security Agency so nervous, it is what he has showed – or could still show – to other outside parties.

Nobody seems to know just what data he took with him on his flight to Hong Kong.

Without judging Mr. Snowden's actions as either right or wrong, it is clear that the NSA has issues with how its own employees use, store, and send data – and not just their ability to collect and analyze phone data from millions of other Americans.

NSA either does not know – and this makes them nervous – or they do know – and this gives them more reason to be nervous. Either way you look at it, Snowden was able to send a classified presentation from his office to The Guardian and the Washington Post. Whether this data traveled on a memory stick,  was emailed, or was simply printed out at the office – these are all data leak channels that could have been blocked.

The data released so far – a combination of document files and Power Point presentations – has been enough to upset diplomatic relations between the United States and its European allies in addition to China and Russia. And there may be more upsets in the future.

Nobody is talking about what controls were or are in place at NSA.

I wonder why. Basic controls with data classification and limitations on copying and emailing documents are part of many Data Loss Prevention programs.

There are tools out there which enable Administrators to prevent files from being copied to memory sticks, burned onto a DVD, or emailed outside of the organization. There are tools and procedural steps to be taken for restricting employee access to data. And there are even tools which alert administrators when unusual numbers of files are being opened or copied. Properly applied, these could keep managers from having to read about a their data breach on the front page of the Guardian.

From the technical perspective of Safetica 5, the Snowden breach appears to have been largely preventable. It's not clear if the security processes were faulty – or if the needed processes and data protection measures were just not taken.

Author
Safetica team

Next articles

Data Loss Prevention, Guide for 2022

Data is a company’s most precious asset, from copyrights and client lists to sensitive information about employees. Most data is now in electronic form. It is created and accessed through software, databases, and other tools, making it vulnerable to loss and theft.

Infotech: Safetica Product Scorecard

Product scorecards prepared by SoftwareReviews covers Net promoter score and planned renewal rates, feature and vendor capability breakdown, version and module satisfaction levels and comparisons by organization size, usage, and role.

2021 DLP Data Quadrant led by Safetica

SoftwareReviews named Safetica as award winner in 2021 Data Loss Prevention Data Quadrant. Get the in-depth report with DLP vendors comparison bellow.