5 Steps To Stop A Snowden Scenario

The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access
4. Education, education, education.
Training users on security and appropriate use and online behaviors means different things to different organizations. But like any training program, to be effective, it's all about engaging the user on his or her turf.

One major manufacturer took a different spin on training its users. "It's half [the] time on how to protect families and kids [online], and the other half on the workplace," Rachwald says. "They made it very personal and interesting."

Part of that includes empowering users in the kill chain. "It's called ownership," Bigman says. "We had this in the government ... you have to make sure employees are part owners of the issue by having a role in ensuring all data will be secure. They have to understand their activity is being monitored.

"If they do malicious things, there are sure to be administrative and legal actions," he says.

5. Revoke privileges from overprivileged users.
Know what your "super users" have access to, and lock them down so that they don't have complete control of the data. "Does he need access to all of this information" to do his job? Rachwald says.

Keep an eye out for aberrant behavior, he says. A red flag with Bradley Manning, for example, should have been when he downloaded massive amounts of data from SharePoint, Rachwald says. "You need the ability to stop that behavior," he says.

A password vault is one way to better manage privileged users. The vault can be used to store admin passwords and employ a feature where if the admin needs access to something, he puts in a request to the vault, Brock says. "The vault system sends the request on to an approver, who then approves that access for a certain period of time, say four hours," says Brock, who has used such a process. "The vault automatically changes the password, and the admin is logged out. It can only grant access for that task."

Mike Tierney, vice president, business development and operations, at insider threat prevention vendor SpectorSoft, says sys admins especially need scrutiny because they have so much access to sensitive information. "Companies are starting to establish a role outside of IT that's responsible for monitoring systems admins ... But there's always one last watcher who has to be trusted," he says.

SpectorSoft today rolled out an insider threat monitoring platform that provides an early warning system when policies are broken, data is stolen, or other fraud or illicit activity is detected. The Spector 360 Recon tool encrypts the continuously monitoring activity and stores it in a "vault" on users' PC or Mac workstations.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.