Cross post from Cipherpoint.com:
At a high level, the Snowden and Wikileaks security breaches both highlight the insider threat to sensitive information. The “insider threat” has long been understood to be very serious, since insider security breaches are likely to have significant impacts. Equally well known is the difficulty of implementing controls that fully mitigate the threat.
If you’re wondering how insiders can access sensitive information in SharePoint, here’s a link to a video demo showing how easy it is for a maliciou.... Note that this problem is not specific to SharePoint. Any technology can be compromised by a malicious individual with administrator privilege.
While both PRISM and Wikileaks involved government entities (a national intelligence agency and the DoD), the threat from insiders and system administrators is a universal one. Every year, we see numerous stories about insiders from a myriad of different companies and industries walking off with sensitive or valuable data.
A few key takeaways regarding the insider threat and SharePoint:
- SharePoint security should start with understanding the information assets that exist on your SharePoint sites. It’s fundamentally not possible to assess risk without this understanding. At CipherPoint, we talk with many SharePoint users, and it’s frankly alarming how many have no real idea if there’s sensitive or regulated content stored on the platform, or where it exists. If you’re in this boat, have a look at our content scanner video.
- Any organization with sensitive or valuable information in SharePoint is at risk. Certainly this includes defense and intelligence organizations, but it also includes commercial organizations with high-value IP, trade secrets, financial information, M&A information, Human Resources information, and many other categories of valuable information.
- In any given organization, controls aimed at fully mitigating the insider threat will likely need to include both technical controls and administrative controls. Most IT platforms do not provide native security controls capable of preventing administrators from accessing information for which they have no “need to know”. This is obviously true for SharePoint deployed on-premises with out-of-the-box security controls. It’s also true for cloud collaboration platforms such as SharePoint Online, Office 365, Box, and others. For all of these platforms, third-party security controls (such as CipherPoint’s security products for SharePoint, file servers, and cloud collaboration platforms) can fill this gap. In addition, technical controls will need to include a mix of preventive controls (access controls and encryption) and detective controls (audit and reporting).
- Platforms like SharePoint can be used in high security applications. Solutions like CipherPoint’s can enable businesses to expand their use of SharePoint, and to bring the benefits of collaboration to new use cases involving sensitive and regulated data (while maintaining security, even against malicious insiders).
If you have sensitive information stored in SharePoint, file servers, or in cloud collaboration systems, and would like to learn more about CipherPoint’s security solutions, please check out our informative whitepapers, request a trial, or contact us.
Here are a few external articles on security breaches where malicious insiders were the source of the attack:
- Interview with Robert Bigman, ex-CIA CISO, on preventing insider security breaches.
- Slashdot article on preventing insider breaches
- Information Week article on preventing insider security breaches
The folks at Carnegie Mellon US CERT have done some good work in characterizing insider threats and attacks. See their resources here.
By Mike Fleck