It is not what Edward Snowden has said that has the United States government and its National Security Agency so nervous, it is what he has showed – or could still show – to other outside parties.

Nobody seems to know just what data he took with him on his flight to Hong Kong.

Without judging Mr. Snowden's actions as either right or wrong, it is clear that the NSA has issues with how its own employees use, store, and send data – and not just their ability to collect and analyze phone data from millions of other Americans.

NSA either does not know – and this makes them nervous – or they do know – and this gives them more reason to be nervous. Either way you look at it, Snowden was able to send a classified presentation from his office to The Guardian and the Washington Post. Whether this data traveled on a memory stick,  was emailed, or was simply printed out at the office – these are all data leak channels that could have been blocked.

The data released so far – a combination of document files and Power Point presentations – has been enough to upset diplomatic relations between the United States and its European allies in addition to China and Russia. And there may be more upsets in the future.

Nobody is talking about what controls were or are in place at NSA.

I wonder why. Basic controls with data classification and limitations on copying and emailing documents are part of many Data Loss Prevention programs.

There are tools out there which enable Administrators to prevent files from being copied to memory sticks, burned onto a DVD, or emailed outside of the organization. There are tools and procedural steps to be taken for restricting employee access to data. And there are even tools which alert administrators when unusual numbers of files are being opened or copied. Properly applied, these could keep managers from having to read about a their data breach on the front page of the Guardian.

From the technical perspective of Safetica 5, the Snowden breach appears to have been largely preventable. It's not clear if the security processes were faulty – or if the needed processes and data protection measures were just not taken.

Safetica team

Next articles

Dedicated DLP vs. Integrated DLP: Which makes most sense for your organization?

While researching DLP solutions for your organization, you might’ve come across two different variants: dedicated DLP (also known as enterprise DLP) and integrated DLP. In simple terms, a dedicated DLP is a dedicated data loss prevention system. An integrated DLP is an extension to an already existing program used within the organization. Read more.

The Top 6 Biggest Data Leaks of 2022

Last year, that the average global cost of a single data breach was USD 4.35 million – a 2.6% increase from 2021. Read about the top 6 biggest data leaks of 2022, and find out why data protection is so much needed.

Top 4 reasons why financial institutions should use Safetica

One of the most vulnerable industries in the data protection realm is financial services. In the financial industry, the estimated average cost of a data breach was $5.97 million – the second highest only after the healthcare industry. That's not a small amount!