Does the name Bradley Manning mean anything to you? If you’re a government organization, the name is synonymous with “colossal data breach” – as Manning spearheaded the biggest leak of classified information in our nation’s history.
To briefly recap, Manning, a U.S. Army soldier, single handedly accessed more than 900,000 intelligence documents, including daily war logs from military operations in Afghanistan and Iraq. And he did it by downloading files onto CDs labeled “Lady Gaga”, which he shared with the whistleblower site, WikiLeaks.
According to Manning’s published chat logs, the event was “childishly easy”; “no one expected a thing”; and the “weak servers, weak logging, weak physical security, weak counter-intelligence, and inattentive signal analysis created a perfect storm.”
With Manning’s trial just a few months away, we take a look back to share three important lessons learned from this monumental event:
Lesson #1: DLP is Important: While Manning had access to a classified network used by the Department of Defense and the State Department, having a data loss prevention (DLP) solution in place that scanned information, across all network points before it left the network, would have provided an additional line of defense to prevent the data from being downloaded – to a CD, flash drive, or any other storage mechanism.
Lesson #2: It’s Time to Cast a Wider Security Net: Because most government agencies are large, data security can be focused on the “core” or interior of the network versus the perimeter of the organization. But, big data security challenges arise as employees have new ways to view and share confidential data – via BYOD movements, wireless access points, and consumer-based, third-party file sharing sites. Now that networks have become more decentralized, agencies need to deploy a wider "net" to secure and manage data.
Lesson #3: Security and Large File Size Aren’t Mutually Exclusive: Large data transfers are not only common within the government domain, they are often required. But how are agencies securing and managing that data? And, can large files be shared simply and on demand? To address these needs, organizations are turning to mobile file sharing solutions that give employees the ability to send and synchronize large, classified and confidential documents with ease, while giving IT the security, authentication, encryption and file tracking and reporting capabilities necessary to support data security best practices.
These are three key lessons to remember as we move into 2013 and strive to keep newsworthy security breaches a part of our past, fully protecting government data exchanges of the future.