Summary:

IT pros are a cynical bunch: that the government may be snooping on corporate data does not surprise them at all.

It’s not paranoia if someone really is out to get you. That’s an exaggeration of the findings of a new survey of IT pros, the majority of whom just assume that governments are snooping into their corporate data.

More specifically, 62 percent of respondents polled at the big Infosec Europe conference said they think the government is looking at their stores of corporate data. What’s notable about that is that the show (and the survey) took place in April, two months before the blockbuster Edward Snowden disclosures about the U.S. National Security Agency’s data-gathering operations. Of course, there were earlier indications of massive data gathering from three former NSA officials-turned-whistleblowers.

The survey results were released Friday and showed that well over half of the 300 IT pros responding simply expect Big Brother to be peering at their stuff. Over half of the respondents work for big enterprises (with more than 5,000 employees) in the financial services, retail, healthcare and insurance businesses. The survey was sponsored by Voltage Security, which is using it to promote the need to protect sensitive financial, customer or employee data as well as corporate intellectual property, for its entire life span.

According to a Voltage statement, the only way to provide the necessary levels of security to guard against data loss, whether through surveillance, a malicious attack, or an inadvertent disclosure, is through a data-centric security program. The same holds true, presumably, for government-sanctioned surveillance.

The PRISM and Tempora government data collection efforts by the U.S. and U.K., respectively, are being parlayed by any number of interested parties to further their goals. For example, encryption companies say the only way to prevent snooping by government operatives or others is to fully encrypt all data — assuming the government doesn’t have the keys. And E.U.-based telcos, hosting providers and cloud companies are using outrage over NSA data gathering to aggressively promote the use of E.U.-based clouds built by E.U.-based companies.

All of this controversy will be front and center at Structure: Europe in London, where several sessions will focus on cloud security post-PRISM.

  1. Ralph Haygood Friday, July 26, 2013

    If your data travel over the public Internet, then yes – considering how easy it would be/is for the snoops to snoop (siphoning signals from network backbones, forging certificates to break SSL/TLS/HTTPS if necessary, etc.) and how little regard the snoops have shown for lawful oversight (e.g., James Clapper lying to Ron Wyden), I don’t think it’s cynical at all to assume your data will be snarfed up. And if not only your data but also your code travels over the public Internet, then even doing your own encryption won’t necessarily help you, because a man-in-the-middle attack can deliver tampered code to your users that sends the snoops whatever they want from your users, encryption-free. Far-fetched? I’d say it’s just a question of how interested the snoops are in whoever your users are.
