Classified Data Leaks Continue to be a Problem
This week, the FBI announced it is investigating a classified data leak of U.S. intel on Israel’s plans to retaliate against Iran. The top-secret documents were exposed on the Telegram messaging app, and it’s unclear if it was a leak or hack. The investigation will center on the Defense Department’s National Geospatial-Intelligence Agency, which manages the country’s network of spy satellites and anyone with access to the classified document.
Unfortunately, this classified data leak is not the first. Last year, a U.S. National Guardsman leaked hundreds of classified documents on the Discord messaging platform. Jack Teixeira was charged with the unauthorized removal, retention and transmission of classified national defense information. The leaked materials included intelligence about Russia’s actions in Ukraine and U.S. spy intel on its allies. The leak raised serious questions about how someone could remove classified documents, why there weren’t any mechanisms in place to prevent it and why it took so long to uncover.
The U.S. is not alone; in 2021, the personal data of UK Special Forces soldiers slated for promotion was shared in WhatsApp groups after being leaked from someone inside the Ministry of Defence. The spreadsheet contained personal details, including unique service numbers, of 1,182 British soldiers recently promoted from corporal to sergeant – including those in sensitive units such as the Special Air Service, Special Boat Service, and the Special Reconnaissance Regiment. It was available for download on WhatsApp with no password protection or security markings to identify it as “confidential” or “secret.” According to reports, a former Army source said the practice of sharing promotions in a password-protected spreadsheet on an intranet accessible by the entire 80,000-member British Army is routine.
These data breaches highlight the dangers of insider threats caused by negligence, oversharing and malicious insiders. According to the 2024 Data Breach Investigation Report (DBIR), the top insider threats stem from privilege abuse, such as stealing data for personal gain and miscellaneous errors, with over 50% of errors attributed to misdelivery (e.g., sending an email to the wrong distribution list). The top data impacted by privilege abuse includes personal (83%), internal (46%), other (22%), and bank (14%) information.
Zero Trust is Essential to Classified Data Security
Trusting users to do the right thing is no longer viable for protecting data. Zero Trust Network Access (ZTNA) is quickly gaining popularity to better support today’s distributed workforces and cloud-hosted applications. But what about the data that resides behind the applications, as exemplified in these classified data leaks?
ZTNA is designed to address network and application access, not the data behind the applications. Whether the cause is simple negligence or malicious data theft, a proactive data-centric policy-based approach based on ‘Zero Trust’ is a far more effective methodology to ensure data remains secure. This modern approach to data security uses the same principle as ZTNA—do not automatically trust any user inside or outside your perimeters. Instead, you must verify anyone trying to connect to any systems, applications, or individual data files before granting access to them.
The Who, What, When, Where of Secure Data Access & Handling
When protecting sensitive and classified information, you need the same level of granular control at the data layer required to authenticate users into your systems and applications.
To adequately protect sensitive and classified information, organizations must be able to control a variety of data access and handling factors, including:
- Who should have access to the data?
- What can a user do with it once access is granted? For example, can they edit, download, and/or copy it? Or should it be read-only?
- When is access permissible? Business hours, in the office, remotely, from a company or personal device?
- How can they share it? Using a file-sharing application, email or USB?
- With whom can they share it?
- Can it be printed or downloaded?
- What if they try to circumvent security by snapping a photo of the information?
Enforcing Zero Trust with Attribute-based Access Control
While implementing this level of fine-grained security may sound complicated, attribute-based access control (ABAC) provides an elegant solution. ABAC is a data-centric Zero Trust security model that evaluates attributes (or characteristics of data and/or users) rather than roles to determine file access and usage rights.
ABAC is a policy-based approach that assesses each file’s attributes, including security classification and permissions, user attributes such as nationality and security clearance, and environmental attributes such as time of day, location, and device, to determine who can access, edit, copy, download and share files.
ABAC policies dynamically determine whether a user should gain access to specific information at that moment in time and what actions the user can take with the data if access is granted.
If the user scenario does not match or appears suspicious, access is denied, or a restricted view of the data is provided. For example, if an authenticated user tries to access a sensitive file they own, but it is outside of business hours, and they are using a BYOD device in another country, file access will be denied – effectively thwarting a hacker using stolen credentials.
An ABAC approach allows organizations to exert precise control over access and adjusts file security in real time, delivering zero trust at the data layer.
Standing up a Data-centric Zero Trust Model
archTIS solves a range of secure collaboration problems from compartmentalized classified information sharing needs for government and Defence applications to securing sensitive information collaborated on in Microsoft applications – all using secure attribute-based controls that enforce data-centric zero trust.
With Zero Trust Network Access (ZTNA) quickly becoming the gold standard for secure access, archTIS products extend the concept of zero trust down to the data layer to control not only who can access information but also what they can do with it and whom they can share it with, uniquely tackling threats from the inside out.
As organizations move to a more distributed workforce and collaborate with external organizations and individuals, archTIS information security products offer a model that can adapt and more effectively meet threats from within.
Learn more about archTIS solutions for the collaboration of sensitive and classified data.
