April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

The NSA, Edward Snowden and the pursuit of true data security

Moti Rafalin

As the Edward Snowden soap opera continues to play out on the world stage, pundits can fill the airwaves with suppositions about personal and corporate privacy, spy tactics against presumed terrorists, and the fate of one government contractor, now encamped in Russia. In the hallways of government agencies, the conversations are more pragmatic. Security and IT professionals are asking each other how to best protect data when it is the necessary basis for employee collaboration and productivity.   

Avoiding the next data leak 

Like their private sector counterparts, government knowledge workers have found that Cloud and mobile technologies increase their productivity. It is easy to share a file via a commercial-grade Cloud service or download a document onto a personally-owned mobile device. It is not so easy for agencies to ban these practices. After all, the National Security Agency (NSA) prohibits most portable devices, but that didn’t protect the organization when a staffer with an agenda decided to bring a flash drive to work. 

Government agencies are re-thinking how data is stored, accessed and shared on premise and in the Cloud, and with good reason. While employees might blindly trust companies like Dropbox, Box or Amazon with their data, organizations at the federal, state and local levels must limit the ability of these companies to access confidential data. Unfortunately, most Cloud storage services fail to protect data adequately or limit access to it among employees with varying degrees of security clearance. 

Best practices in this area center on easy-to-use solutions that support mobile productivity and workflow and prevent data from escaping the control of IT. Achieving that balance requires organizations to wrap their data protection around individual documents, since there are now far too many free-flowing channels for IT to continue relying on castle-and-moat-style security practices. Government agencies can’t raise the drawbridge against flash drives, smartphones, tablets, personal email accounts, Cloud-based file sharing, or any number of other threats. They can, however, attach security to each file, thereby retaining the ability to limit sharing and printing or revoke access if necessary, even if a document is shared outside the organization or distributed via the Cloud. 

Reclaiming public trust 

The ease with which a contract employee broke the security of an agency that specializes in secrecy raises questions beyond data protection. Congress is taking a closer look at who agencies hire and whether contracting out sensitive work makes sense. Meanwhile, individuals and companies around the world are grappling with how they protect their own data in light of the leaked information about the PRISM program. However, in the IT departments of U.S. Government agencies, the most pressing decisions right now should center on adequate data protection to halt future incidents. 

Imagine if the NSA had been able to wipe clean every document on Snowden’s thumb drive before he delivered the PRISM data to the press. That is the kind of data protection the government sector needs to employ if it is to begin repairing the public’s broken trust. The Edward Snowdens of history are not common, but other threats to data security are. If agencies are to protect sensitive information against everyday risks, such as erroneously sent emails, stolen or lost laptops, or unsanctioned sharing in the Cloud, they will have to change the way they approach data security, and they will have to start at the file level. 

Moti Rafalin is the co-founder and CEO of WatchDox, a provider of secure access, file sync and collaboration solutions. He can be reached via:

[email protected]

 

 

 

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...