Ask Slashdot: Preventing Snowden-Style Security Breaches?
Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
This is a very naive and unrealistic worldview. You cannot run any sort of organization if everyone gets a right to veto. Keep in mind that workers with ministerial duties such as secretaries and janitors have access to secure zones and information. Thus, loyalty will definitely not work because not everyone in an organization of any sort can be loyal, especially when there are third parties paying millions to get this information.
In a perfect world, the CIA, NSA, and other guys don't need to keep secrets. But they do. Your solution is the honor system? LOL. Anyway, Edward Snowden swore a vow that he intended to break. He has no honor or personal ethics. Note that in 2009, Edward Snowden was perfectly fine with government espionage and wiretapping, and excoriated the NY Times and Wikileaks for divulging that information.
A NYC lawyer blogs. http://www.chuangblog.com/