Commenting on reports that the NSA hacked the internal communications of the United Nations, our client Voltage Security says that – this will not come as a huge surprise – the take-out is that all organisations need to better defend their internal communications and allied data.
“I suspect that there will be further security revelations appearing in the media over the course of the next few months as further investigations into the documents from NSA leaker Edward Snowden come to light. But the message – already – is quite clear: encrypt your information and communications if you want to defend their integrity”
— Dave Anderson, Voltage Security
According to Dave Anderson, whilst the ramifications of the NSA’s Operation PRISM surveillance have been widely reported in the media over the last few months, there can be little doubt that – had the UN suitably encrypted its internal data sensitive data that it wanted to secure – the chance of the NSA’s surveillance being as effective would have been greatly reduced.
“What all of these allegations indicate is that both organisations and individuals will continue to circumvent the law in order to access sensitive information of others. And whilst it has yet to be proven whether the US surveillance agency has over-stepped the mark with its surveillance activities, the perceived success of these NSA activities, as well as ongoing successful data breaches by cybercriminals, shows the critical need for companies to encrypt their sensitive data to protect it from surveillance, espionage, and criminal activity,” he said.
“Our observations suggest that the business of data has changed. The volume, velocity, and variety of enterprise information continue to grow as companies increasingly use VoIP and multimedia communications – as well as moving large volumes of information across their network, out to the cloud and on to mobile devices. Data in its various forms has become the heartbeat of the organisation, and protecting this resource is paramount for any business to thrive,” he said.
“These new types of communication mean that data has to be protected upon creation – before it moves across the network infrastructure and out across the Internet. The increased use of mobile for communications also challenges organisations to protect data as it moves across and over mobile devices,” he added.
Mr. Anderson went on to say that, in a company survey held earlier this year (April), 62% of senior-level IT and security respondents said that they thought the government snoops on their corporate data, without their knowledge, while it resides in the cloud (http://bit.ly/16QbTZ1).
That survey, he says – which took in responses from more than 300 professionals – revealed that information, especially the sensitive information often included in person-to-person communications, needs to be protected across the entire life cycle of that data.
And because of these requirements, he adds, the organisation’s data protection strategy must include pro-active data protection controls, which gives the business the ability to supervise and manage how underlying data levels are secured through encryption, tokenisation and data masking, as well as how secured data can be used across the organisation while still ensuring compliance.
“Supervisory data protection controls can deliver and maintain compliance with sanctioned government regulations, and avoid any unnecessary ad-hoc snooping and surveillance activities – the ability to `de-identify’ information – either through encryption, tokenisation or data masking capabilities – provide a very effective mechanisms to secure sensitive data, and how that data is communicated, used and managed,” he said.
“This information and communications strategy provides an underlying foundation for data privacy as well, ensuring that not just the data level itself is secure, but also that the information can only be accessed and used by authorised users – and the specific intended recipients,” he added.
“I suspect that there will be further security revelations appearing in the media over the course of the next few months as further investigations into the documents from NSA leaker Edward Snowden come to light. But the message – already – is quite clear: encrypt your information and communications if you want to defend their integrity.”
For more on Voltage Security: http://www.voltage.com
For more on the latest NSA data surveillance revelations: