A couple of weeks ago, the NSA Director, General Alexander, was quoted in a Reuters article saying that, in order to limit data access and potential leakage, they will cut back on 90% of NSA system admin staff.
This statement drew a lot of criticism, since it makes no sense to cut back on critical staff so disproportionately, which makes us believe that there is something else there…
“At the end of the day it’s about people and trust,” Alexander said.
Maybe he should have phrased things a little differently: “At the end of the day it’s about people and trust, plus monitoring the people you trust.”
It seems like the real issue is not the number of people, but rather the number of people who hold administrative privileges. What you really need to cut is administrative privileges from 90% of the people.
Administrators should not be immune to scrutiny. To prevent the next Snowden-like incident, segregation of control should be implemented, so that leaking the data requires collusion between at least two individuals from different teams.
To do so, the security team should be supplied with a compensating monitoring system over file and database access which:
* The administrator has no control over
* Can only monitor access to the data rather than actually access the data (eliminating another potential backdoor)
“In God We Trust, All Others We Monitor”
Barry Shteiman | Senior Security Analyst | Imperva
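The control described above can be expressed as a check over access records. The sketch below is an added example, not part of the original post: it flags administrator access to protected data that lacks approval from a second person on a different team, and it reads access metadata only, never the data. The account names, teams, log format and `/classified/` prefix are all constructed assumptions.

```python
from typing import Optional

# All names and values below are constructed for illustration.
TEAMS = {"alice": "sysadmin", "bob": "sysadmin", "carol": "security", "dave": "dba"}
ADMINS = {"alice", "bob", "dave"}        # accounts holding administrative privileges
SENSITIVE_PREFIX = "/classified/"        # hypothetical marker for protected data

SAMPLE_LOG = """\
actor=alice resource=/classified/ops.db
actor=alice resource=/classified/ops.db approver=bob
actor=alice resource=/classified/ops.db approver=carol
actor=dave resource=/classified/hr.db approver=dave
actor=alice resource=/tmp/scratch.txt
"""

def parse(line: str) -> dict:
    """Parse one key=value audit record; it carries access metadata only, never the data."""
    return dict(field.split("=", 1) for field in line.split())

def violation(event: dict) -> Optional[str]:
    """Return why an access breaks two-person, cross-team control, or None if it is fine."""
    actor, approver = event["actor"], event.get("approver")
    if actor not in ADMINS or not event["resource"].startswith(SENSITIVE_PREFIX):
        return None                      # out of scope for this check
    if approver is None:
        return "no second person approved"
    if approver == actor:
        return "self-approval"
    if approver not in TEAMS:
        return "unknown approver"
    if TEAMS[approver] == TEAMS[actor]:
        return "approver is on the same team"
    return None

def flag(log: str) -> list:
    """Return (actor, resource, reason) for every record that violates the control."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        event = parse(line)
        reason = violation(event)
        if reason:
            findings.append((event["actor"], event["resource"], reason))
    return findings

if __name__ == "__main__":
    for finding in flag(SAMPLE_LOG):
        print(finding)
```

For the check to mean anything, the records and the team and approval data must live on a system the administrators being monitored cannot modify.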