Helping Government Agency CISOs Fix the Snowden Process

Data governance and preventing insider threats

Helping Government Agency CISOs Fix the Snowden Process

By Larry Wolter | January 20, 2015

When people ask how Edward Snowden gained access to so much government information, it was clear that he was able to capitalize on his personal access to secure information and to transfer that information onto an unapproved removable media device, which he used to provide classified content to non-secure sources.

You already know what happened. Since then, government agencies have hardened their acceptable use policy to try to eliminate future information breaches. While the term 'insider threat' isn't a new one, Snowden's name has virtually become synonymous with it.

Government agency leaders need to have access to the most up-to-date information for their decision-making. These leaders rely on their chief information security officer (CISO) to protect the information and manage authorized access to this operational data, while delivering it across different level security domains quickly and securely.

Yet, CISOs have limited technological options for cross domain SharePoint information transfer. Instead of technology, CISOs must rely on a local, manpower intensive, procedural work-around that is cumbersome and unsuitable for today's real-time situational awareness and rapid decision-making requirements. For example, the current process requires transporting information from a secure SharePoint server to a non-secure CD-ROM or USB-based storage device, then back to a second secure SharePoint server. In this technologically robust age, a hands-on process is archaic.

Most problematic, however, is the increased risk of an inadvertent transfer of protected information across compartmented boundaries caused by human error or a breakdown of the 'human-in-the-loop' procedures.

Considering the constant need to share information across high and low security networks, CISOs shouldn't need to require their teams to use removable media for transferring SharePoint content between secret (SIPRNet) and sensitive but unclassified (NIPRNet) domains. A SharePoint tool, in combination with an agency's data guard, should replace outdated removable media for secure automated SharePoint content transfers. With the resulting solution, CISOs can provide end users in multiple compartments and networks of various security classifications access to real-time and in-sync SharePoint content wherever they are and whenever they need it, without the insider threat risk created by using removable media.

Metalogix Replicator Cross Domain Edition is the CISO's SharePoint synchronization solution. It's a purpose-built tool that natively integrates with SharePoint. Replicator Cross Domain Edition mitigates potential insider threat and information leaks risks by automating secure SharePoint content transfer among farms located in multiple domains at different security levels.

While humans may set the policy, you should let Replicator Cross Domain Edition do the work of automatically and securely transferring your government agency's SharePoint content between high and low networks. Learn more on our website:

Leave a Comment

Add new comment

Larry Wolter

Please visit Larry's LinkedIn page to learn more.

Written By: Larry Wolter