
Thales Blog

Insider Threats: A Big Concern For CISOs

February 14, 2013

Cloud Security Insider Threat

Many people think that all data breaches occur when outside thieves get into an organization's systems. Not so. The fact of the matter is that insider threats are rising dramatically, in both the business world and government circles. According to the InformationWeek Reports 2012 Strategic Security Survey, 52% of those surveyed identified insiders as the top security threat at their organization.

To address this growing issue, the Administration sent out a presidential memorandum in November to the heads of all executive departments and agencies outlining policy and setting minimum standards. The memo provided direction and guidance in developing effective insider threat mitigation programs — programs that will deter, detect and mitigate actions by employees who "may represent a threat to national security." Such threats include potential espionage, violent acts against the government, and unauthorized disclosure of classified information.

The Minimum Standards set out in that presidential memo include the capability to: gather, integrate, and centrally analyze and respond to key threat-related information; monitor employee use of classified networks; provide the workforce with insider threat awareness training; and protect the civil liberties and privacy of all personnel.

It's hard to disagree with any of that, but the devil, as always, is in the details. What still needs to be spelled out is that strong privileged user access and control policies are central to the success of any insider threat mitigation effort. That is because only root-level separation of responsibilities can protect sensitive data from the super users in the system. There's no such thing as an unbreachable perimeter, on premises or in the cloud, so it's crucial to implement the right technology and policies to lessen the chances of a major breach. Data security platforms are becoming a vital part of the cloud security ecosystem as more agencies move to the cloud. With the integration of granular access control, they have the capability to track and report on exactly who is accessing the sensitive data improperly, both inside and outside the organization.

Former President Reagan once famously said, "Trust, but verify." When it comes to threats to national security that stem from either outside adversaries or insiders who misuse their access, the “trust, but verify” days are long gone. Agencies must develop strong, proactive, consistent policies and embrace security intelligence technologies that will ensure they can "Protect what Matters."

Wayne Lewandowski is Vormetric’s area vice president, federal. Follow him on Twitter @Wayne42675.