It would be no overstatement to say that the details revealed by Edward Snowden have caused a monumental shift in perception of not only the U.S. government but the importance of information security in general. Snowden showed that the U.S. National Security Agency has been monitoring private citizens and businesses in numerous ways, leading to a lot of outrage within the technology community as well as among those who only use computers to surf the internet or read email. While debate has swirled around what is proper governmental behavior, the impact these revelations have had on businesses is still being felt and may not be adequately understood for many years to come. With news of government surveillance spreading, many businesses have begun taking a closer look at their own security measures, inspecting them to see how effective they actually are. As you reexamine your company’s own efforts at securing internal data, it’s important to understand just how much has changed in a post-Snowden world.
Many companies are choosing to move their operations and other business functions to the cloud. While concerns over cloud security existed before the Snowden leaks, businesses are now being forced to look ever more closely at their cloud providers. A number of factors come into play when scrutinizing a vendor, particularly when it comes to the security features they offer. Moving to the cloud is a big transition, particularly because it places security responsibilities in the hands of the provider. If you’re already using a cloud provider, you should take a renewed look at their security promises and capabilities. You should also know the physical location of the cloud provider. Laws and regulations can significantly impact what a government is able to access. Already it has been shown that the U.S., U.K., and France have gained unauthorized access to data, so this is something to consider when moving your data to the cloud. Reports have shown that Iceland, with its special protections and regulatory status, may be just the place to host data privately.
Some businesses have also looked more closely into using open source software for their security needs. The idea behind open source is that since the code is open to everyone, it will be free of back doors that allow governments to access data. While using open source software may seem like an agreeable solution that also saves money, your company would still need to have open source experts on staff who know how to work with and support the software. Plus, there are added risks when using open source. These risks may be alleviated, however, if the original source of the code is known and reputable. Integrity checks should also be done to ensure the code will effectively protect your company’s data.
While there may be a lot of concern over government monitoring and surveillance, most security experts agree that the biggest threats may still come from within your company. According to one study, more than three out of four organizations say they’ve had a data breach that was caused by an employee, whether the worker did so intentionally or negligently. That means proper security training should be a priority for your business, making sure that employees know about the security risks, how to respond to them, and how to avoid situations where they may increase the risks. If you store your data on-site, you should also increase the physical security of your data center with regular preventive maintenance.
Make sure your company does not forget about other best practices that are still important, even in a post-Snowden world. Data encryption remains key, but businesses shouldn’t see that as the only security feature to implement. Your company will need to take a closer look at the purchasing and operational policies it has in place, making sure that the items and services you use and buy feature top-notch security. A piece of software or equipment that doesn’t have adequate security features could represent the proverbial weak link in the security chain.
The details behind the government’s surveillance have made a lot of companies uneasy about their data security. It’s important that your business works to improve IT security, but overreacting is also something that should be avoided. Some experts even say developing a strategy specifically to stop the NSA from accessing your data isn’t worth the time and resources, especially when more serious threats exist. At the same time, there’s nothing wrong with taking another look at your security strategy to make sure it can prevent data breaches that could damage your company.