Edward Snowden Beyond Data Security
Nearly every day, some security vendor reaches out to me describing how its products and services could have prevented the Edward Snowden public disclosure of NSA surveillance programs. These vendors talk about strong authentication, privileged account auditing, sensitive data controls, etc.
Yup, old Ed stirred the security pot in the vendor community, but security professionals are also paying attention. In working with Vormetric on its 2014 Insider Threat Report, ESG research discovered that 45% of enterprise security professionals say that the Edward Snowden incident (i.e., his public disclosure about the NSA and its PRISM program) changed their organizations’ perspective on insider threats.
So everyone is focused on sensitive data discovery, classification, security, and monitoring. From a security perspective, that’s a very good thing, but it seems to me that some other important Snowdenesque issues have been virtually ignored. Yes, sensitive data security is critical, but CISOs need a perspective on privacy, culture, and business in addition to strong authentication, encryption, and logging.