The story of Edward Snowden — a whistleblower or traitor, depending on your world view and inclination — has become an ongoing saga. Recently, Snowden left Moscow’s Sheremetyevo airport on Aug. 1 after Russia granted the former U.S. spy agency contractor temporary asylum. Snowden was holed up in the airport transit area for over a month.
Despite the news of domestic surveillance and questions about whether the government has overreached its legal limits, there are additional lessons to learn for corporate IT departments, even if you have received your information technology degree.
Everyone is foreign somewhere
One of the government’s claims is that it was focused on foreign persons who might pose a danger to the safety of the United States. Perhaps that is true, although the NSA was reportedly gathering information on virtually every citizen in the country. But look at things from a different frame of reference for a moment.
If the United States is broadly gathering information, could other countries be doing the same? According to a report in Le Monde, France also intercepts massive amounts of data from telephone calls and computer use. If it is doing as the NSA has done, then the country’s DGSE intelligence service is interested in what foreigners, including people in the U.S., are doing.
A company operating globally is likely also working in France. So how could such information be a problem? Back in 1993, the CIA warned that the French government might be spying on U.S. companies, presumably as part of a program of economic espionage. Metadata could help trace a pattern of connections between companies and individuals, possibly uncovering the development of business ventures, new sales and marketing strategies, and even major customers.
Companies might consider adopting more secure communications and taking particular care on sensitive engagements.
Remember to lock the back door
Companies often focus on outside threats to their security and business privacy. But if you talk to enough security experts, you’ll hear that the biggest threats to a company come from insiders.
They are the people who may already have the clearance and access to sensitive information. Personnel can walk out the door with amazing amounts of sensitive information.
Before you nod and say you’ve heard it all before, remember that so had the security contractors that had hired Snowden. And yet, he obviously took a significant amount of sensitive information. He’s not the only one. Bradley Manning, the 25-year-old Army private who gave thousands of classified U.S. military and diplomatic documents to WikiLeaks, was acquitted Jul. 30 in Maryland of aiding the enemy in a military court-martial, but was convicted on multiple other counts, according to news reports.
What makes both of these examples even more important is that they took place in the framework of what was supposed to be highly secure military restrictions. If the Department of Defense (DOD) and its contractors cannot keep information under control, what makes you think that your organization necessarily can?