By now you will probably have heard of the infamous Edward Snowden, who stole data held by the NSA and then decided to announce key parts of it publicly. Well, last week we actually found out that our best mate SharePoint may have been a guilty party too!
First the facts…
To find the source of this claim, watch this video from about 27 minutes in. The key phrase Alexander uses is “This leaker was a System Administrator and ran the SharePoint account at NSA Hawaii, so his responsibility was to move data..”
Interestingly, if you watch from 45:15, you will also hear “This leaker was a System Administrator who was trusted with moving information to actually make sure the right information was on the SharePoint Servers that NSA Hawaii needed.” This makes it sound as though he was loading data into SharePoint, rather than downloading it.
This is contrary to a few reports that came out last week, such as:
- ‘NSA chief leaks info on data sharing tech: It’s SharePoint’ by The Register.
Anyway, for the purposes of this discussion, let’s take some artistic license and assume it WAS in SharePoint 😉
My question is to SharePoint Administrators and Developers alike: what can we do to make SharePoint more secure, and could this have been prevented? Although they don’t say, let’s assume the data was stored in standard document libraries.
To help frame the answer, think about:
- What technologies in SharePoint, or available as an add-on, can we use? (Some promo is fine 😉)
- How can we ensure that the currently logged-on user really is that user? Are there stronger log-on mechanisms than a simple user name and password?
- Can we encrypt the data in SharePoint?
- Can we audit who, what, when and where?
- Can we put some extra controls in place when documents are being downloaded?
- Can we lock down Sys Admin privileges?
- Can we require certain actions in SharePoint to be approved by two users?
- If he was a SysAdmin, could he just go straight to the database?
If you can’t answer all the questions, that’s expected! If you know about a particular area, e.g. auditing, then share your knowledge on that. Maybe there’s a nice reference document to be made out of all the answers! Share your experiences, especially if you have worked on a SP farm that requires security clearance!
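To give the auditing question above something concrete to start from, here is an added example (not part of the original post) that switches on item-level auditing for a site collection and then pulls the last week of audit entries for one document library, grouped by user and event. It assumes an on-premises SharePoint Server farm (2010/2013) with the Microsoft.SharePoint PowerShell snap-in, run from a farm administrator session; the site URL and library name are placeholders.

```powershell
# Added example, not from the original post. Assumes SharePoint Server
# on-premises and the Microsoft.SharePoint snap-in; URL/library are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl     = "http://intranet.contoso.local/sites/ops"   # placeholder
$libraryName = "Shared Documents"                           # placeholder

$site = Get-SPSite $siteUrl

# 1. Turn on auditing of views/downloads, edits, deletes, moves, copies and
#    permission changes for the whole site collection. Without this the
#    AuditData table stays empty and there is nothing to look at afterwards.
$site.Audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]::View -bor
                         [Microsoft.SharePoint.SPAuditMaskType]::Update -bor
                         [Microsoft.SharePoint.SPAuditMaskType]::Delete -bor
                         [Microsoft.SharePoint.SPAuditMaskType]::Move -bor
                         [Microsoft.SharePoint.SPAuditMaskType]::Copy -bor
                         [Microsoft.SharePoint.SPAuditMaskType]::SecurityChange
$site.Audit.Update()

# 2. Query the audit log for one library over the last 7 days.
$web   = $site.RootWeb
$list  = $web.Lists[$libraryName]

$query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
$query.RestrictToList($list)
$query.SetRangeStart([DateTime]::UtcNow.AddDays(-7))
$query.SetRangeEnd([DateTime]::UtcNow)

$entries = $site.Audit.GetEntries($query)

# 3. Resolve user IDs to login names and summarise who did what. Entries whose
#    UserId no longer resolves (deleted users) are kept and labelled by ID.
$entries |
  ForEach-Object {
    $who = try { $web.SiteUsers.GetByID($_.UserId).LoginName } catch { "id:$($_.UserId)" }
    [PSCustomObject]@{
      When   = $_.Occurred      # UTC
      Who    = $who
      Event  = $_.Event         # View, Update, Delete, Move, Copy, SecurityChange, ...
      Item   = $_.DocLocation   # site-relative path of the document
      Source = $_.SourceName    # ObjectModel, Search, Sts (UI), etc.
    }
  } |
  Group-Object Who, Event |
  Sort-Object Count -Descending |
  Select-Object Count, Name

$site.Dispose()
```

Two caveats a practitioner should keep in mind. First, audit entries are written to the AuditData table of the content database, so anyone with db_owner on that database (which a farm administrator typically has, and which is the scenario the last question in the list describes) can read documents and trim the log without the object model ever seeing it; ship the entries out of the farm on a schedule to a store the SharePoint admins cannot write to. Second, View events log a download as well as an in-browser open, but they do not distinguish a single open from a bulk pull via WebDAV or Explorer view, so a spike in View counts for one account is the signal to look for rather than any single entry.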
My company has a data security policy, Stefan – we have to take an online training course to learn about it, pass a test about it and sign a document stating that we understand it and will abide by it. (And that has been in place for at least a couple of years, so it’s not new.) We are not defense contractors, but we are a consulting firm and it is common for our employees to come into contact with our clients’ sensitive data, so it’s a fairly important issue for us.
Mark, the way I look at it, you could have the most secure system in the world, but someone could “steal” data with cell phone snapshots of the screen if they really had to. (Granted it’s more cumbersome and a lot harder to make away with lots of data, but there are plenty of other ways too.) That’s not the fault of the platform, and virtually any platform out there is vulnerable to it, no matter how secure it is otherwise. I’m not sure how you secure against human ingenuity, except perhaps to learn and make better decisions about just who should be allowed to access the data in the first place. In the end, you have to put trust in human beings at some level, and that is precisely the problem.
“Ultimately, any system is only as strong as the people that use it and the planning around its implementation.” TRUE!
I think one of the strongest approaches is to encrypt on the way up, and get approval from a 2nd party at download time. The issue then comes down to how do you protect it once it’s on the PC. Maybe the Word Web app is more secure, but that’s still cached in IE.
Auditing can certainly help retrospectively as to who accessed a file and when. This is however difficult when the user is the System Account, assuming that more than one person could have access to the System Account. But it does narrow it down a lot. Under most circumstances the System Account is only accessed by the SharePoint Farm Administrator. How one can stop this account from accessing specific content would be interesting to find out, if it is possible.
As far as data protection is concerned, there are various tools that one can use to mark documents as confidential and add labels and watermarks automatically when someone tries to print out a document (not too sure what happens if they download the file). Might even be able to notify someone when a confidential document is being accessed. (titus.com)
Ultimately, any system is only as strong as the people that use it and the planning around its implementation.