Commenting on reports that the NSA hacked the internal communications of the United Nations (http://usat.ly/1djSPLp), Voltage Security says that, while they will not come as a surprise to many, the takeaway is that all organizations need to better defend their internal communications and allied data.
According to Dave Anderson, a senior director with the data security company, while the ramifications of the NSA’s Operation PRISM surveillance have been widely reported in the media over the last few months, there can be little doubt that, had the UN suitably encrypted its internal data sensitive data that it wanted to secure, the chance of the NSA’s surveillance being as effective would have been greatly reduced.
“What all of these allegations indicate is that both organizations and individuals will continue to circumvent the law in order to access sensitive information of others. It has yet to be proven whether the US surveillance agency has over-stepped the mark with its surveillance activities, but the perceived success of these NSA activities, as well as ongoing successful data breaches by cybercriminals, shows the critical need for companies to encrypt their sensitive data to protect it from surveillance, espionage, and criminal activity,” he said.
“Our observations suggest that the business of data has changed. The volume, velocity, and variety of enterprise information continue to grow as companies increasingly use VoIP and multimedia communications – as well as moving large volumes of information across their network, out to the cloud and on to mobile devices. Data in its various forms has become the heartbeat of the organization, and protecting this resource is paramount for any business to thrive,” he said.
“These new types of communication mean that data has to be protected upon creation – before it moves across the network infrastructure and out across the Internet. The increased use of mobile for communications also challenges organizations to protect data as it moves across and over mobile devices,” he added.
Anderson went on to say that, in a company survey held earlier this year, 62% of senior-level IT and security respondents said that they thought the government snoops on their corporate data, without their knowledge, while it resides in the cloud (http://bit.ly/16QbTZ1).
That survey – which took in responses from more than 300 professionals – revealed that information, especially the sensitive information often included in person-to-person communications, needs to be protected across the entire life cycle of that data.
And because of these requirements, Anderson adds, the organization’s data protection strategy must include proactive data protection controls, which gives the business the ability to supervise and manage how underlying data levels are secured through encryption, tokenization and data masking, as well as how secured data can be used across the organization while still ensuring compliance.
“Supervisory data protection controls can deliver and maintain compliance with sanctioned government regulations, and avoid any unnecessary ad-hoc snooping and surveillance activities – the ability to ‘de-identify’ information – either through encryption, tokenization or data masking capabilities – provide a very effective mechanisms to secure sensitive data, and how that data is communicated, used and managed,” he said.
“This information and communications strategy provides an underlying foundation for data privacy as well, ensuring that not just the data level itself is secure, but also that the information can only be accessed and used by authorized users – and the specific intended recipients,” he added.
“I suspect that there will be further security revelations appearing in the media over the course of the next few months as further investigations into the documents from NSA leaker Edward Snowden come to light. But the message already is quite clear: encrypt your information and communications if you want to defend their integrity.”
For more on Voltage Security: http://www.voltage.com