Yesterday (4/27/10), breaking news across all media channels, was about the arrest of a Ms Madhuri Gupta working as Second Secretary at the Indian High Commission in Pakistan, on charges of spying. Initial investigations have revealed that she had been passing on information to her local handlers for over two and a half years. The motivation was revenge or ‘trying to prove herself’ against her superiors.While it will take time for the truth to actually be exposed, in respect of her motive, the damage done and the identity of her handler and accomplices (if any), this can be classified as a highly damaging incident since it has happened in a country that is not on the list of friends of India.
This is a classic information security incident with the correct recipe for an insider threat to come true. Another risk that of unauthorized access, also seems to have occurred since it is reported that in her role she did not have access to any sensitive documents. The third risk event that has occurred is of data leakage / compromise as she passed it on to rogue outsiders.
Each of these risks is easily addressed by a robust Information Rights Management (IRM) solution, like Seclore FileSecure. The IRM solution will bring in a granular level of safeguards which is not possible with a DLP solution combined with end point security.
Policies in the IRM solution can be built to restrict access on ALL emails going out which would have addressed the route of the data leak in this case. All mails sent by her would have been ‘secured’ and any person outside the network would not have been able to read it. Additionally, since this is a highly sensitive location, it would be necessary to create a policy to secure ALL documents on the machine or network, and this control is good enough to stop any unauthorized viewing or editing, by default.
Our IRM solution provides the option of enabling the highest level of safeguards, by default. Controls can be established where it is not possible for any activity like viewing, editing, copying, printing and screen grabbing by any unauthorized user. A drive or folder can be FileSecure enabled at the time of creation so that any and all documents that are dropped into the designated location are automatically secured with the defined policy for the location. If the organization enables ‘global’ policy controls on storage locations and email clients the data created is automatically protected without user intervention.
In such a case a red flag event would be reported by the Seclore system when a user changes the default rights on a document. Again, a simple solution, for malicious or accidental leaks. One, that has demonstrated to successfully provide highly robust safeguards, for data at rest or in sharing or in transit. An agent provocateur has now embarrassed the establishment for the weaknesses exposed in the security setup, she would have had a tough time trying to circumvent the controls that are enabled by Seclore IRM.
Posts
2 comments:
Very intresting article. This is how ever is speaking about espionage at the highest level probably.Question would be we have Sentinel to gaurd us, but who will gaurd the Sentinel? How much can a product or solution increase maturity and responsibility curve in this matter?
hey
Post a Comment