Takes from Trustle: Cracking Down on Access Management

Sadly, data leak incidents have become commonplace. Events that were once rarely heard about or discussed are now playing out in the news almost daily. The data backs it up: according to Statista, data compromises have been steadily increasing. From 2005 through 2016, there were 574 data compromises on average per year. Compare that with an average of 1455 data compromises per year from 2017 to 2022!

The most recent breach making big headlines is the Pentagon “Discord” Leak Case, where by some counts, over 300 documents, ranging in classification up to Top Secret, were leaked to social media.

Although the Pentagon will not publicly publish the exact policies that were in place up to this point to prevent such a leak, we can glean from their comments on the incident what is being done to help prevent such incidents from occurring again.

Policy Problem or Policy Enforcement?

Was it that materials weren’t being properly classified, or was it that the wrong people were given access to documents of a classification they had no business seeing?

In response to the Snowden leak in 2013, government agencies reviewed policies and procedures to help prevent such an event from happening again. Although steps were taken back then, it seems there is more work to be done. In light of this latest leak, Defense Secretary Lloyd Austin has once again directed government leaders to carry out a “comprehensive review of DOD security programs, policies and procedures.”

Even if the best programs, policies, and procedures are in place, they won’t work correctly if you aren’t properly tracking which people have access to which systems, along with the details of that access, such as why they need access to specific sensitive information and how long they should have it.

The Pentagon announced that they are reviewing access lists, to help determine if everyone who currently has viewing and printing access to sensitive documents should indeed possess that access.

Deputy Pentagon Press Secretary Sabrina Singh provides an example scenario that the government is currently focused on addressing: “A very simple example would be a distribution list that has 10 people on it, and one of those people have left the organization, but they moved within the department and still have that email. So, it’s culling through some of those lists and making sure that people are sent information they actually need to… do their jobs. That effort is going to be ongoing [and] not just going to stop tomorrow and it’s not going to stop after a week because it’s going to be a long-term effort.”

A senior US official, under condition of anonymity, was quoted by CNN saying, “Way too many people have access to very sensitive information.” Another anonymous former government official commented, “Whenever we do these investigations, we continue to be surprised at just how many people have access to these products.”

Reading between the lines of what the government is saying and what news outlets are reporting, it's evident that tools which provide visibility into all systems and resources, their sensitivity classifications, and their access permissions, and which also provide compliant workflows for granting and removing access, will play a larger role in mitigating future incidents.

Any system humans play a part in is de facto fallible. The previously mentioned controls can dramatically reduce the chances of a leak occurring. But even when a leak does occur, tools like these still provide an audit trail of who had access to what and when, acting as a valuable forensics tool to track down bad actors.

Reining in the Access at your Organization with Trustle

Trustle is one such tool that allows your team to make context-based decisions, providing compliant, automated access for the right user, to the right resource, for the right length of time.

Trustle uses a unique blend of pragmatic and programmatic approaches to secure cloud systems. To support audit and regulatory requirements, Trustle provides approval workflows. For ongoing access activities, Trustle uses a combination of approval status, risk score, and policy to determine the appropriate action. Of course, all of this activity is available as a history for certification and audit.

In addition, we see our customers using Trustle to:

  • See at a glance who has access to what in their organization.
  • Understand the risk a user or resource carries with the built-in Risk Recommendation Engine. This includes confirming that terminated or transferred personnel do not have access to resources.
  • Classify their resources from low to high risk, helping to prevent inappropriate access grants.
  • Implement customizable workflows where managers must approve and certify employee access to generally sensitive resources, and involve others (system owners, executives, etc.) in granting access to highly sensitive resources.
  • Automatically expire and revoke access to resources on a schedule agreed upon by both management and users.

Leaks and bad actors aside, it's also worth mentioning that when it's smooth sailing, the data Trustle uses to manage your organization's resources can also be exported for compliance certification.

Check out Trustle today for free, and take the Starter package for a test drive.

Geremy Cohen | April 25, 2023