This series relates technology trends and their implications (face recognition technology, Big Data storage and findability, Wearable Computing and Cyber-citizenship, Surveillance) to perennial IT concerns and challenges. The film Minority Report has served as a helpful point of reference in making the relevant connections.
It’s been a few weeks since the British news organization The Guardian began publishing stories about and sourced through a Booz Allen Hamilton contractor named Edward Snowden.
The story has many aspects and implications. In this case I want to simply point out Booz Allen Hamilton’s obviously inadequate IT policies and practices.
Booz Allen Hamilton is no novice in working within the US intelligence bureaucracy; it has a long history of securing very lucrative contracts since National Security Agency director John Poindexter made the decision to have private technology companies modernize that agency’s computing infrastructure.
Yet a relatively junior contract IT analyst, Snowden, was able to use his routine access to BAH computing resources to download a trove of classified documents onto a thumb drive. Apparently, the data related to the surveillance of all civilian US telecommunications traffic is so easily available to BAH employees that Snowden could take what he wanted without raising any flags.
In the sense that he apparently violated his employment contract, Edward Snowden might be called a rogue IT professional. But Booz Allen Hamilton made it very easy for him. The obvious conclusion is that BAH merely excels at getting US government contracts; a credible program for ensuring that its customers' information remains secure is an afterthought that BAH didn't have until now.
There are many ways to manage the security of the data within your network. One simple but very effective way is to encrypt all data passing through your network and to make access to data dependent on role-based use of your systems. That includes access to data flowing through the tools that monitor and manage your network systems. Network monitoring and management products like SolarWinds Network Performance Monitor or SolarWinds Network Configuration Manager support data encryption at the level of AES 256 and impose a role hierarchy that determines what accounts within your IT systems can view and manipulate.