OK, so this is an extremely high-profile breach, with extremely sensitive data but it goes to show that no data access is safe if you haven’t got the right controls in place. Here’s what we know about the data security breach so far:
- Jack Teixeira has appeared in a Boston court for allegedly leaking confidential US defence and intelligence documents
- He’s been charged with unauthorised retention and transmission of national defence information, and unauthorised removal and retention of classified documents
- Teixeira is a member of the intelligence wing of the Massachusetts Air National Guard and was recently promoted
- The defence and intelligence files were leaked on the gaming platform Discord, causing panic among top US officials
- There is a question as to why Teixeira had access to documents that he likely had no need to access, Zaid says.
- A statement on the leaks and subsequent charging of Jack Teixeira has been issued by Republican House Speaker Kevin McCarthy. “The Biden administration has failed to secure classified information. Through our committees, Congress will get answers as to why they were asleep at the switch.”
Ouch.
Knowing who has access to what information, and most importantly ‘why’ they have access is vital to the data security of any organisation. However, we all know how easy it is for permissions and access to become out of date or spiral out of control.
Whilst your data might not be of National Security, a data breach can mean embarrassment, cost and liability so, here’s an quick overview of how Torsion helps prevent such data breaches…intentional or accidental.
- Torsion is based on Attribute Based Access Control (ABAC), meaning data access is granted based on ‘why’ somebody should have access, as opposed to just a name or team. This means that people only have access to documents that they need, and no more than that.
- Torsion automatically detects and flags any data access that looks suspicious or inappropriate and immediately prevents access until verified.
- Data owners and admin users can always see a complete list of who has access to their data, why they have access and when they accessed it. That’s a pretty good audit trail and a lot of peace of mind.
To find out how easy Torsion plugs into your Microsoft 365 estate, drop me a line at Stephan.atkins@torsionis.com.